CVE-2024-10334

A vulnerability exists in the VideONet product included in the listed System 800xA versions, where VideONet is used. An attacker who successfully exploited the vulnerability could, in the worst case scenario, stop or manipulate the video feed. This issue affects System 800xA: 5.1.X; System 800xA:...

CVE-2024-10334 Camera passwords stored in clear text

A vulnerability exists in the VideONet product included in the listed System 800xA versions, where VideONet is used. An attacker who successfully exploited the vulnerability could, in the worst case scenario, stop or manipulate the video feed. This issue affects System 800xA: 5.1.X; System 800xA:...

ABB Multiple System 800xA Products Incorrect Default Permissions (CVE-2020-8484)

Insufficient protection of the inter-process communication functions in ABB System 800xA for DCI all published versions enables an attacker authenticated on the local system to inject data, allowing reads and writes to the controllers or cause windows processes to crash. This plugin only works wi...

ABB Multiple System 800xA Products Incorrect Default Permissions (CVE-2020-8489)

Insufficient protection of the inter-process communication functions in ABB System 800xA Information Management all published versions enables an attacker authenticated on the local system to inject data, affecting the runtime values to be stored in the archive, or making Information Management...

ABB Multiple System 800xA Products Incorrect Default Permissions (CVE-2020-8488)

Insufficient protection of the inter-process communication functions in ABB System 800xA Batch Management all published versions enables an attacker authenticated on the local system to inject data, affecting User Interface update during batch execution and/or compare/printing functionalities. Th...

ABB Central Licensing System Exposure of Sensitive Information to an Unauthorized Actor (CVE-2020-8481)

For ABB products ABB Ability System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2 Symphony Plus -S+ Engineering 1.1 to 2.2, Composer Harmony 5.1, 6.0 and 6.1, Melody...

ABB System 800xA Base

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: ABB Equipment: System 800xA Base Vulnerability: Incorrect Permission Assignment for Critical Resource 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to escalate privileges and...

ABB System 800xA

1. EXECUTIVE SUMMARY CVSS v3 7.3 ATTENTION: Low skill level to exploit Vendor: ABB Equipment: System 800xA Vulnerabilities: Incorrect Default Permissions 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to escalate privileges, cause system functions to...

ABB Multiple System 800xA Products

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: ABB Equipment: System 800xA Vulnerabilities: Incorrect Default Permissions 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to make the system node inaccessible or tamper with...

CVE-2020-8488

Affected product: ABB System 800xA Batch Management (all published versions). Vulnerability: Insufficient protection of inter-process communication (IPC) functions enables a local, authenticated attacker to inject data, affecting the User Interface update during batch execution and/or the compare...

CVE-2020-8487 ABB System 800xA Inter process communication vulnerability - System 800xA Base

Insufficient protection of the inter-process communication functions in ABB System 800xA Base all published versions enables an attacker authenticated on the local system to inject data, affect node redundancy handling...

CVE-2020-8481

CVE-2020-8481 concerns ABB Ability System 800xA and related ABB CLS/OLC ecosystem components. The root cause is confidential data written in an unprotected file, enabling an attacker to read sensitive data and potentially take full control of the affected node. Reported affected products span mul...

CVE-2020-8472

CVE-2020-8472 affects ABB System 800xA components: OPCServer for AC800M (v6.0 and earlier), Control Builder M Professional, MMS Server for AC800M, and Base Software for SoftControl (v6.1 and earlier). Root cause is insufficient/weak default folder permissions (CWE-276) allowing low-privileged use...