1993 matches found
CVE-2019-18996
Path settings in HMIStudio component of ABB PB610 Panel Builder 600 versions 2.8.0.424 and earlier accept DLLs outside of the program directory, potentially allowing an attacker with access to the local file system the execution of code in the application’s context...
CVE-2020-24685
An unauthenticated specially crafted packet sent by an attacker over the network will cause a denial-of-service DoS vulnerability. Vulnerability allows attacker to stop the PLC. After stopping ERR LED flashing red, physical access to the PLC is required in order to restart the application. This...
CVE-2020-24686
The vulnerabilities can be exploited to cause the web visualization component of the PLC to stop and not respond, leading to genuine users losing remote visibility of the PLC state. If a user attempts to login to the PLC while this vulnerability is exploited, the PLC will show an error state and...
CVE-2025-4675
Improper Check for Unusual or Exceptional Conditions vulnerability in ABB WebPro SNMP Card PowerValue, ABB WebPro SNMP Card PowerValue UL.This issue affects WebPro SNMP Card PowerValue: through 1.1.8.K; WebPro SNMP Card PowerValue UL: through 1.1.8.K...
CVE-2025-4675 Improper implementation of Modbus protocol leading to DOS attack
Improper Check for Unusual or Exceptional Conditions vulnerability in ABB WebPro SNMP Card PowerValue, ABB WebPro SNMP Card PowerValue UL.This issue affects WebPro SNMP Card PowerValue: through 1.1.8.K; WebPro SNMP Card PowerValue UL: through 1.1.8.K...
CVE-2025-4675
This CVE (CVE-2025-4675) concerns an improper check for unusual or exceptional conditions in ABB WebPro SNMP Card PowerValue and ABB WebPro SNMP Card PowerValue UL. Affected products: WebPro SNMP Card PowerValue and PowerValue UL, up to version 1.1.8.K. Root cause: improper handling/check of exce...
CVE-2019-7226
The ABB IDAL HTTP server CGI interface contains a URL that allows an unauthenticated attacker to bypass authentication and gain access to privileged functions. Specifically, /cgi/loginDefaultUser creates a session in an authenticated state and returns the session ID along with what may be the...
CVE-2019-7231
The ABB IDAL FTP server is vulnerable to a buffer overflow when a long string is sent by an authenticated attacker. This overflow is handled, but terminates the process. An authenticated attacker can send a FTP command string of 472 bytes or more to overflow a buffer, causing an exception that...
CVE-2019-7227
In the ABB IDAL FTP server, an authenticated attacker can traverse to arbitrary directories on the hard disk with "CWD ../" and then use the FTP server functionality to download and upload files. An unauthenticated attacker can take advantage of the hardcoded or default credential pair exor/exor ...
CVE-2019-7232
The ABB IDAL HTTP server is vulnerable to a buffer overflow when a long Host header is sent in a web request. The Host header value overflows a buffer and overwrites a Structured Exception Handler SEH address. An unauthenticated attacker can submit a Host header value of 2047 bytes or more to...
CVE-2019-7225
The ABB HMI components implement hidden administrative accounts that are used during the provisioning phase of the HMI interface. These credentials allow the provisioning tool "Panel Builder 600" to flash a new interface and Tags MODBUS coils mapping to the HMI. These credentials are the idal123...
ABB WebPro SNMP Card PowerValue Multiple Vulnerabilities
SUMMARY ABB became aware of multiple internally discovered vulnerabilities in the WebPro SNMP card PowerValue for the product versions listed as affected in the advisory. Depending upon the vulnerability, an attacker with access to local network who successfully exploited this vulnerability...
ABB WebPro SNMP Card PowerValue和ABB WebPro SNMP Card PowerValue UL 安全漏洞
ABB WebPro SNMP Card PowerValue and ABB WebPro SNMP Card PowerValue UL are both a remote web management system from ABB Switzerland. A security vulnerability exists in ABB WebPro SNMP Card PowerValue and ABB WebPro SNMP Card PowerValue UL 1.1.8.K and earlier versions, which stems from an incorrec...
CVE-2025-12143
Stack-based Buffer Overflow vulnerability in ABB Terra AC wallbox.This issue affects Terra AC wallbox: through 1.8.33...
CVE-2025-12143
Stack-based Buffer Overflow vulnerability in ABB Terra AC wallbox.This issue affects Terra AC wallbox: through 1.8.33...
CVE-2025-10571
Authentication Bypass Using an Alternate Path or Channel vulnerability in ABB ABB Ability Edgenius.This issue affects ABB Ability Edgenius: 3.2.0.0, 3.2.1.1...
ABB Ability Edgenius 安全漏洞
ABB Ability Edgenius is a cloud management edge platform from ABB Switzerland. A security vulnerability exists in ABB Ability Edgenius versions 3.2.0.0 and 3.2.1.1 that stems from the use of an alternate path or channel to bypass authentication...
Hitachi ABB AFS Use After Free (CVE-2023-0215)
There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1STRING but the public structure definition for GENERALNAME incorrectly specified the type of the x400Address field as ASN1TYPE. This plugin only works wi...
Hitachi ABB AFS Double Free (CVE-2022-4450)
There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1STRING but the public structure definition for GENERALNAME incorrectly specified the type of the x400Address field as ASN1TYPE. This plugin only works wi...
CISA Releases Four Industrial Control Systems Advisories
CISA released four Industrial Control Systems ICS Advisories. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-310-01 Advantech DeviceOn iEdge ICSA-25-310-02 Ubia Ubox ICSA-25-310-03 ABB FLXeon Controllers...