CVE-2020-8481 ABB Central Licensing System - Information disclosure

For ABB products ABB Ability™ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2 Symphony Plus -S+ Engineering 1.1 to 2.2, Composer Harmony 5.1, 6.0 and 6.1, Melody...

CVE-2020-8481

CVE-2020-8481 concerns ABB Ability System 800xA and related ABB CLS/OLC ecosystem components. The root cause is confidential data written in an unprotected file, enabling an attacker to read sensitive data and potentially take full control of the affected node. Reported affected products span mul...

CVE-2020-8471

CVE-2020-8471 affects ABB Central Licensing System (CLS) across multiple ABB products (800xA, Compact HMI, Symphony Plus, Harmony/Melody components, Knowledge Manager, etc.). The root issue is weak file permissions on the CLS, allowing an authenticated attacker to block license handling, escalate...

CVE-2020-8471 ABB Central Licensing System - Weak File Permissions

For the Central Licensing Server component used in ABB products ABB Ability™ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2 Symphony Plus -S+ Engineering 1.1 to...

CVE-2020-8479

CVE-2020-8479 is an XML External Entity Injection vulnerability in ABB Central Licensing Server components across ABB Ability System 800xA, Compact HMI, and related products. The issue allows an attacker to read or call arbitrary files from the license server and/or the network, and can also bloc...

CVE-2020-8479 ABB Central Licensing System - XML External Entity Injection

For the Central Licensing Server component used in ABB products ABB Ability™ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2 Symphony Plus -S+ Engineering 1.1 to...

CVE-2020-8476 ABB Central Licensing System - Elevation of Privilege Vulnerability

For the Central Licensing Server component used in ABB products ABB Ability™ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2 Symphony Plus -S+ Engineering 1.1 to...

CVE-2020-8476

CVE-2020-8476 affects ABB CLS across ABB Ability System 800xA and related components, where a weakness in input validation in the Central Licensing Server allows an attacker to alter licenses assigned to system nodes. Reported impact is license manipulation (credentials/permissions could be misap...

PT-2020-20162 · Abb · Compact Hmi +17

Name of the Vulnerable Software and Affected Versions: ABB Ability System 800xA versions 5.1 through 6.1 Compact HMI versions 5.1 through 6.0 Control Builder Safe versions 1.0 through 2.0 Symphony Plus -S+ Operations versions 3.0 through 3.2 Symphony Plus -S+ Engineering versions 1.1 through 2.2...

PT-2020-20164 · Abb · Compact Hmi +17

Name of the Vulnerable Software and Affected Versions: ABB Ability System 800xA versions 5.1 through 6.1 Compact HMI versions 5.1 through 6.0 Control Builder Safe versions 1.0 through 2.0 Symphony Plus -S+ Operations versions 3.0 through 3.2 Symphony Plus -S+ Engineering versions 1.1 through 2.2...

JVN#93064451: Multiple SHARP Android devices vulnerable to information disclosure

Multiple SHARP Android devices contain an information disclosure vulnerability CWE-200. Impact Sensitive information of the device may be obtained by the other android application installed in the device. Solution Update the Firmware Update the firmware to the latest version according to the...

Arbitrary Code Execution

freetype is vulnerable to arbitrary code execution. Two stack overflow flaws were found in the way the FreeType font engineprocessed certain Compact Font Format CFF character strings opcodes. If a user loaded a specially-crafted font file with an application linked against FreeType, it could caus...

CVE-2019-19279

CVE-2019-19279 affects Siemens SIPROTEC 4 and SIPROTEC Compact relays with EN100 Ethernet modules (all versions). The issue is caused by sending specially crafted packets to UDP port 50000, which can trigger a network-denial-of-service on the affected device. Recovery requires a manual reboot. At...

CVE-2019-19279

A vulnerability has been identified in SIPROTEC 4 and SIPROTEC Compact relays equipped with EN100 Ethernet communication modules All versions. Specially crafted packets sent to port 50000/UDP of the EN100 Ethernet communication modules could cause a Denial-of-Service of the affected device. A...

SIEMENS SIPROTEC 4 and SIPROTEC Compact Relay Families Denial of Service Vulnerability

SIEMENS SIPROTEC 4 and SIPROTEC Compact Relay Families are offering integrated protection, control, measurement and automation functions for substations and other applications. A denial of service vulnerability exists in SIEMENS SIPROTEC 4 and SIPROTEC Compact Relay Families. An attacker can...

Siemens SIPROTEC 4 and SIPROTEC Compact

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: SIPROTEC 4 and SIPROTEC Compact Vulnerability: Improper Input Validation 2. RISK EVALUATION This vulnerability could allow an attacker to conduct a denial-of-service attack over the network. 3. TECHNICAL...

Siemens EN100 Ethernet Module (Update A)

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: EN100 Ethernet Module Vulnerabilities: Improper Restriction of Operations within the Bounds of a Memory Buffer, Cross-site Scripting, Relative Path Traversal 2. UPDATE...

Siemens Siprotec Exposure of Sensitive Information to an Unauthorized Actor

A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module : All versions V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module : All versions V1.03; Firmware variant IEC 104...

Siemens Siprotec Unspecified Vulnerability

A vulnerability has been identified in Siemens DIGSI 4 All versions V4.92, EN100 Ethernet module IEC 61850 variant All versions V4.30, EN100 Ethernet module PROFINET IO variant All versions, EN100 Ethernet module Modbus TCP variant All versions, EN100 Ethernet module DNP3 variant All versions,...

Siemens SIMATIC Compact Field Unit PA Edition PROFINET Interface Detection

Binary data 765350.prm...