ABB — Vulnerabilities & Security Advisories 211

Browse all 211 CVE security advisories affecting ABB. AI-powered Chinese analysis, POCs, and references for each vulnerability.

ABB operates as a global leader in electrification and industrial automation, providing critical infrastructure for power grids, manufacturing, and transportation. With 211 recorded Common Vulnerabilities and Exposures (CVEs), the company’s software and hardware ecosystems have historically been susceptible to remote code execution, cross-site scripting, and privilege escalation flaws. These vulnerabilities often stem from legacy industrial control systems and web-based management interfaces, exposing operational technology to potential compromise. Notable incidents include the discovery of hardcoded credentials and unpatched firmware in various PLCs and HMIs, which attackers have exploited to gain unauthorized network access. The sheer volume of CVEs highlights significant challenges in maintaining security across diverse, long-lifecycle products. While ABB implements security updates, the complexity of its integrated solutions continues to present persistent risks for industrial environments relying on its technology.

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2025-3756 | Denial of Service Vulnerabilities in System 800xA, Symphony® Plus IEC 61850 — AC800M (System 800xA) | CWE-1284 | 6.5 | Medium | 2026-04-13 |
| CVE-2025-13779 | Configuration Data Spill — AWIN GW100 rev.2 | CWE-306 | 8.3 | High | 2026-03-13 |
| CVE-2025-13778 | Device Reboot Control — AWIN GW100 rev.2 | CWE-306 | 6.5 | Medium | 2026-03-13 |
| CVE-2025-13777 | Authentication Bypass due to Improper Session Validation — AWIN GW100 rev.2 | CWE-294 | 8.3 | High | 2026-03-13 |
| CVE-2025-14510 | ABB Ability OPTIMAX Authentication Bypass in Single-Sign On — ABB Ability OPTIMAX | CWE-303 | 8.1 | High | 2026-01-16 |
| CVE-2025-4677 | Idle session timeout is not configured for multiple open ports — WebPro SNMP Card PowerValue | CWE-613 | 6.5 | Medium | 2026-01-07 |
| CVE-2025-4676 | Authentication bypass by brute forcing Authentication Headers — WebPro SNMP Card PowerValue | CWE-303 | 8.8 | High | 2026-01-07 |
| CVE-2025-4675 | Improper implementation of Modbus protocol leading to DOS attack — WebPro SNMP Card PowerValue | CWE-754 | 6.5 | Medium | 2026-01-07 |
| CVE-2025-12143 | Stack Memory Corruption Vulnerability — Terra AC wallbox | CWE-121 | 6.1 | Medium | 2025-11-28 |
| CVE-2025-10571 | ABB Ability Edgenius Authentication Bypass — ABB Ability Edgenius | CWE-288 | 9.6 | Critical | 2025-11-20 |
| CVE-2025-12142 | BSS (Block Started by Symbol) Memory Corruption Vulnerability — Terra AC wallbox | CWE-120 | 6.1 | Medium | 2025-10-29 |
| CVE-2025-5517 | Heap Memory Corruption Vulnerability — Terra AC wallbox (UL40/80A) | CWE-122 | 6.8 | Medium | 2025-10-20 |
| CVE-2025-3465 | Path Traversal Vulnerability — CoreSense™ HM | CWE-22 | 7.1 | High | 2025-10-20 |
| CVE-2025-9574 | Missing Authentication Vulnerability — ALS-mini-s4 IP | CWE-306 | 10.0 | Critical | 2025-10-20 |
| CVE-2025-9970 | Application credential stored in clear text in memory — MConfig | CWE-316 | 7.4 | High | 2025-10-08 |
| CVE-2021-22291 | EIBPORT Reflected XSS — EIBPORT V3 KNX | CWE-79 | 8.0 | High | 2025-10-07 |
| CVE-2025-10504 | Heap Memory Corruption Vulnerability — Terra AC wallbox | CWE-122 | 6.1 | Medium | 2025-09-29 |
| CVE-2025-10207 | Authenticated File Disclosure/Delete — FLXEON | CWE-1287 | 7.2 | High | 2025-09-18 |
| CVE-2024-48851 | Remote Code Execution — FLXEON | CWE-1287 | 7.2 | High | 2025-09-18 |
| CVE-2025-10205 | Predictable Salt and Weak Hashing Algorithm — FLXEON | CWE-759 | 8.8 | High | 2025-09-17 |
| CVE-2024-48842 | Hardcoded passwords — FLXEON | CWE-798 | 7.0 | High | 2025-09-17 |
| CVE-2025-8754 | ABB Ability™ zenon Remote Transport Vulnerability — ABB Ability™ zenon | CWE-306 | 7.5 | High | 2025-08-13 |
| CVE-2025-7679 | Session ID Basic Auth Bypass — Aspect | CWE-306 | 8.1 | High | 2025-08-11 |
| CVE-2025-7677 | DOS attack possible — Aspect | CWE-120 | 5.9 | Medium | 2025-08-11 |
| CVE-2025-53187 | Unauthenticated RCE — ASPECT | CWE-288 | 9.8 | Critical | 2025-08-11 |
| CVE-2025-7745 | Modbus TCP buffer overread — AC500 V2 | CWE-126 | 5.8 | Medium | 2025-07-24 |
| CVE-2025-7705 | Authentication bypass due to compatibility mode enabled by default — Switch Actuator 4 DU-83330 | CWE-489 | 6.8 | Medium | 2025-07-22 |
| CVE-2025-6071 | Hard Coded Key used for AES encryption — RMC-100 | CWE-321 | 5.3 | Medium | 2025-07-03 |
| CVE-2025-6072 | Stack Buffer Overflow in MQTTCore — RMC-100 | CWE-121 | 7.5 | High | 2025-07-03 |
| CVE-2025-6073 | Stack Buffer Overflow in MQTTCore — RMC-100 | CWE-121 | 7.5 | High | 2025-07-03 |

This page lists every published CVE security advisory associated with ABB. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.