ABB — Vulnerabilities & Security Advisories (211)

Browse all 211 CVE security advisories affecting ABB. AI-powered Chinese analysis, POCs, and references for each vulnerability.

ABB operates as a global leader in electrification and industrial automation, providing critical infrastructure for power grids, manufacturing, and transportation. With 211 recorded Common Vulnerabilities and Exposures (CVEs), the company’s software and hardware ecosystems have historically been susceptible to remote code execution, cross-site scripting, and privilege escalation flaws. These vulnerabilities often stem from legacy industrial control systems and web-based management interfaces, exposing operational technology to potential compromise. Notable incidents include the discovery of hardcoded credentials and unpatched firmware in various PLCs and HMIs, which attackers have exploited to gain unauthorized network access. The sheer volume of CVEs highlights significant challenges in maintaining security across diverse, long-lifecycle products. While ABB implements security updates, the complexity of its integrated solutions continues to present persistent risks for industrial environments relying on its technology.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-48845 | Weak Password Rules/Strength — ASPECT-Enterprise (CWE-521) | 9.4 | Critical | 2024-12-05 |
| CVE-2024-48844 | Denial of Service, DoS — ASPECT-Enterprise (CWE-770) | 7.7 | High | 2024-12-05 |
| CVE-2024-48843 | Denial of Service, DoS — ASPECT-Enterprise (CWE-770) | 7.7 | High | 2024-12-05 |
| CVE-2024-48840 | Unauthorized Access — ASPECT-Enterprise (CWE-94) | 10.0 | Critical | 2024-12-05 |
| CVE-2024-48839 | Remote Code Execution, RCE — ASPECT-Enterprise (CWE-94) | 10.0 | Critical | 2024-12-05 |
| CVE-2024-11317 | PHP Session Fixation — ASPECT-Enterprise (CWE-384) | 10.0 | Critical | 2024-12-05 |
| CVE-2024-11316 | Filesize Check — ASPECT-Enterprise (CWE-770) | 7.5 | High | 2024-12-05 |
| CVE-2024-6784 | SSRF Server Side Request Forgery — ASPECT-Enterprise (CWE-918) | 9.9 | Critical | 2024-12-05 |
| CVE-2024-6516 | Cross Site Scripting XSS — ASPECT-Enterprise (CWE-79) | 9.0 | Critical | 2024-12-05 |
| CVE-2024-6515 | Unauthorized file access — ASPECT-Enterprise (CWE-319) | 9.6 | Critical | 2024-12-05 |
| CVE-2024-8036 | Unauthorized Modifications of Firmware and Configuration — Relion Protection Relays RE_611 IEC (CWE-347) | 5.9 | Medium | 2024-10-25 |
| CVE-2024-6157 | ABB IRC5 RobotWare code issue vulnerability — RobotWare 6 (CWE-476) | 5.1 | Medium | 2024-10-10 |
| CVE-2020-11640 | Elevation of Privilege — Advant MOD 300 AdvaBuild (CWE-269) | 8.8 | High | 2024-07-23 |
| CVE-2020-11639 | Insufficient access control on Inter process communication — Advant MOD 300 AdvaBuild (CWE-924) | 7.8 | High | 2024-07-23 |
| CVE-2024-5402 | Mint Workbench I Unquoted Service Path Enumeration — Mint Workbench I (CWE-428) | 7.8 | High | 2024-07-15 |
| CVE-2024-6209 | Unauthorized file access — ASPECT-Enterprise (CWE-552) | 10.0 | Critical | 2024-07-05 |
| CVE-2024-6298 | Remote code execution — ASPECT-Enterprise (CWE-1287) | 10.0 | Critical | 2024-07-05 |
| CVE-2024-4007 | Hard coded default credential contained in install package — ASPECT Enterprise (ASP-ENT-x) (CWE-1392) | 8.8 | High | 2024-07-01 |
| CVE-2024-3036 | Communication DoS vulnerability — 800xA Base (CWE-1284) | 5.7 | Medium | 2024-06-21 |
| CVE-2024-1914 | OmniCore robot code issue vulnerability — RobotWare 6 (CWE-476) | 6.5 | Medium | 2024-05-14 |
| CVE-2024-1913 | ABB OmniCore robot buffer error vulnerability — RobotWare 6 (CWE-787) | 7.6 | High | 2024-05-14 |
| CVE-2024-0335 | Malformed Packet Handling — Symphony Plus S+ Operations (CWE-23) | 7.5 | High | 2024-04-03 |
| CVE-2023-0426 | Stack overflow in filename or in boundary — Freelance controllers AC 700F (CWE-121) | 8.6 | High | 2023-08-07 |
| CVE-2023-0425 | Buffer overflow in global memory region — Freelance controllers AC 700F (CWE-839) | 8.6 | High | 2023-08-07 |
| CVE-2023-2685 | Unquoted Service Path in ABB AO-OPC — AO-OPC (CWE-428) | 7.2 | High | 2023-07-28 |
| CVE-2023-3324 | Insecure deserialization in zenon internal DLLs — ABB Ability™ zenon (CWE-502) | 6.3 | Medium | 2023-07-24 |
| CVE-2023-3323 | Code Execution through overwriting project file on zenon engineering studio system — ABB Ability™ zenon (CWE-276) | 5.9 | Medium | 2023-07-24 |
| CVE-2023-3322 | Code Execution through overwriting service executable in utilities directory — ABB Ability™ zenon (CWE-732) | 7.0 | High | 2023-07-24 |
| CVE-2023-3321 | Code Execution through Writable Mosquitto Configuration File — ABB Ability™ zenon (CWE-15) | 7.0 | High | 2023-07-24 |
| CVE-2023-2876 | Session cookie exposure for client side script — REX640 PCL1 (CWE-1004) | 3.1 | Low | 2023-06-13 |

This page lists every published CVE security advisory associated with ABB. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.