Abb: Security Vulnerabilities
Denial of Service vulnerabilities where found providing a potiential for device service disruptions.
Affected products:
ABB ASPECT - Enterprise v3.08.02;
NEXUS Series v3.08.02;
MATRIX Series v3.08.02
CVSS Score
7.6
EPSS Score
0.007
Published
2024-12-05
Denial of Service vulnerabilities where found providing a potiential for device service disruptions.
Affected products:
ABB ASPECT - Enterprise v3.08.02;
NEXUS Series v3.08.02;
MATRIX Series v3.08.02
CVSS Score
7.2
EPSS Score
0.041
Published
2024-12-05
Weak Password Reset Rules vulnerabilities where found providing a potiential for the storage of weak passwords that could facilitate unauthorized admin/application access.
Affected products:
ABB ASPECT - Enterprise v3.07.02;
NEXUS Series v3.07.02;
MATRIX Series v3.07.02
CVSS Score
9.3
EPSS Score
0.031
Published
2024-12-05
Cross Site Request Forgery vulnerabilities where found providing a potiential for exposing sensitive information or changing system settings.
Affected products:
ABB ASPECT - Enterprise v3.08.02;
NEXUS Series v3.08.02;
MATRIX Series v3.08.02
CVSS Score
7.1
EPSS Score
0.007
Published
2024-12-05
Session Fixation vulnerabilities allow an attacker to fix a users session identifier before login providing an opportunity for session takeover on a product.
Affected products:
ABB ASPECT - Enterprise v3.08.02;
NEXUS Series v3.08.02;
MATRIX Series v3.08.02
CVSS Score
9.3
EPSS Score
0.003
Published
2024-12-05
Fileszie Check vulnerabilities allow a malicious user to bypass size limits or overload to the product.
Affected products:
ABB ASPECT - Enterprise v3.08.02;
NEXUS Series v3.08.02;
MATRIX Series v3.08.02
CVSS Score
8.7
EPSS Score
0.001
Published
2024-12-05
AdvaBuild uses a command queue to launch certain operations. An attacker who gains access to the
command queue can use it to launch an attack by running any executable on the AdvaBuild node. The
executables that can be run are not limited to AdvaBuild specific executables.
Improper Privilege Management vulnerability in ABB Advant MOD 300 AdvaBuild.This issue affects Advant MOD 300 AdvaBuild: from 3.0 through 3.7 SP2.
CVSS Score
8.8
EPSS Score
0.005
Published
2024-07-23
An attacker could exploit the vulnerability by
injecting garbage data or specially crafted data. Depending on the data injected each process might be
affected differently. The process could crash or cause communication issues on the affected node, effectively causing a denial-of-service attack. The attacker could tamper with the data transmitted, causing
the product to store wrong information or act on wrong data or display wrong information.
This issue affects Advant MOD 300 AdvaBuild: from 3.0 through 3.7 SP2.
For an attack to be successful, the attacker must have local access to a node in the system and be able to
start a specially crafted application that disrupts the communication.
An attacker who successfully exploited the vulnerability would be able to manipulate the data in such
way as allowing reads and writes to the controllers or cause Windows processes in 800xA for MOD 300
and AdvaBuild to crash.
CVSS Score
7.8
EPSS Score
0.001
Published
2024-07-23
Unquoted Search Path or Element vulnerability in ABB Mint Workbench.
A local attacker who successfully exploited this vulnerability could gain elevated privileges by inserting an executable file in the path of the affected service.
This issue affects Mint Workbench I versions: from 5866 before 5868.
CVSS Score
6.2
EPSS Score
0.001
Published
2024-07-15
Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v3.08.01; NEXUS Series
v3.08.01
; MATRIX Series
v3.08.01 allows Attacker to access files unauthorized
CVSS Score
9.4
EPSS Score
0.416
Published
2024-07-05