ABB — Vulnerabilities & Security Advisories 211

Browse all 211 CVE security advisories affecting ABB. AI-powered Chinese analysis, POCs, and references for each vulnerability.

ABB operates as a global leader in electrification and industrial automation, providing critical infrastructure for power grids, manufacturing, and transportation. With 211 recorded Common Vulnerabilities and Exposures (CVEs), the company’s software and hardware ecosystems have historically been susceptible to remote code execution, cross-site scripting, and privilege escalation flaws. These vulnerabilities often stem from legacy industrial control systems and web-based management interfaces, exposing operational technology to potential compromise. Notable incidents include the discovery of hardcoded credentials and unpatched firmware in various PLCs and HMIs, which attackers have exploited to gain unauthorized network access. The sheer volume of CVEs highlights significant challenges in maintaining security across diverse, long-lifecycle products. While ABB implements security updates, the complexity of its integrated solutions continues to present persistent risks for industrial environments relying on its technology.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2022-0010 | QCS 800xA Vulnerability identified in system log files | QCS 800xA | CWE-532 | 7.8 | High | 2023-05-22 |
| CVE-2023-0864 | Configuration data is exchanged in plaintext and could be available to a nearby attacker if present during configuration or usage of the device via Bluetooth Low Energy (BLE). | Terra AC wallbox (UL40/80A) | CWE-319 | 7.1 | High | 2023-05-17 |
| CVE-2023-0863 | Authentication to access the AC wallbox via its Bluetooth Low Energy (BLE) channel can be bypassed, | Terra AC wallbox (UL40/80A) | CWE-287 | 8.8 | High | 2023-05-17 |
| CVE-2023-0580 | Information Disclosure vulnerability in My Control System (on-premise) | My Control System (on-premise) | CWE-922 | 5.4 | Medium | 2023-04-06 |
| CVE-2022-3192 | Improper Check for Unusual or Exceptional Conditions | AC500 V2 | CWE-754 | 5.3 | Medium | 2023-03-31 |
| CVE-2023-1258 | Flow-X disclosure of sensitive information to unauthenticated users | Flow-X | CWE-200 | 5.3 | Medium | 2023-03-31 |
| CVE-2022-4126 | Use of Default Password | RCCMD | CWE-1393 | 9.6 | Critical | 2023-03-27 |
| CVE-2022-26080 | Easily guessable session ID's in NE843 Pulsar Plus Controller | Pulsar Plus System Controller NE843_S | CWE-330 | 6.3 | Medium | 2023-03-16 |
| CVE-2023-0228 | Improper authentication vulnerability in S+ Operations | Symphony Plus S+ Operations | CWE-287 | 8.8 | High | 2023-03-02 |
| CVE-2021-22283 | MMS File Transfer Vulnerability impact on Distribution Automation products | Relion protection relays - 611 series | CWE-665 | 6.2 | Medium | 2023-02-28 |
| CVE-2022-1607 | Cross Site Scripting vulnerability in NE843 Pulsar Plus Controller | Pulsar Plus System Controller NE843_S | CWE-352 | 4.6 | Medium | 2023-02-24 |
| CVE-2022-34838 | ABB Ability TM Operations Data Management Zenon Zenon Log Server file access control | ABB Zenon | CWE-257 | 8.1 | High | 2022-08-24 |
| CVE-2022-34836 | ABB Ability TM Operations Data Management Zenon Zenon Log Server file access control | ABB Zenon | CWE-23 | 5.9 | Medium | 2022-08-24 |
| CVE-2022-34837 | ABB Ability TM Operations Data Management Zenon Zenon Log Server file access control | ABB Zenon | CWE-257 | 6.2 | Medium | 2022-08-24 |
| CVE-2022-0902 | ABB Flow Computer and Remote Controllers Path Traversal Vulnerability in Totalflow TCP protocol can lead to root access | RMC-100 (Standard) | CWE-22 | 8.1 | High | 2022-07-21 |
| CVE-2022-1596 | ABB Relion REX640 Insufficient file access control | REX640 PCL1 | CWE-732 | 6.5 | Medium | 2022-06-21 |
| CVE-2022-31219 | Drive Composer Link Following Local Privilege Escalation Vulnerability | Drive Composer entry | CWE-59 | 7.3 | High | 2022-06-15 |
| CVE-2022-31218 | Drive Composer Link Following Local Privilege Escalation Vulnerability | Drive Composer entry | CWE-59 | 7.8 | High | 2022-06-15 |
| CVE-2022-31217 | Drive Composer Link Following Local Privilege Escalation Vulnerability | Drive Composer entry | CWE-59 | 7.8 | High | 2022-06-15 |
| CVE-2022-31216 | Drive Composer Link Following Local Privilege Escalation Vulnerability | Drive Composer entry | CWE-59 | 7.8 | High | 2022-06-15 |
| CVE-2022-26057 | Mint WorkBench Link Following Local Privilege Escalation Vulnerability | Mint WorkBench | CWE-269 | 6.7 | Medium | 2022-06-15 |
| CVE-2022-29483 | e-Design - Multiple vulnerabilities | e-Design | CWE-276 | 7.8 | High | 2022-05-31 |
| CVE-2022-28702 | e-Design - Multiple vulnerabilities | e-Design | CWE-276 | 6.1 | Medium | 2022-05-31 |
| CVE-2022-0947 | Arctic Wireless Gateway Firewall vulnerability | ABB ARG600 Wireless Gateway series | CWE-665 | 9.0 | Critical | 2022-05-10 |
| CVE-2021-22277 | AC 800M MMS - Denial of Service vulnerability in MMS communication | 800xA, Control Software for AC 800M | CWE-20 | 7.5 | High | 2022-04-01 |
| CVE-2021-22284 | SECURITY - OPC Server for AC 800M - Remote Code Execution Vulnerability | 800xA, Control Software for AC 800M OPC Server for AC 800M | CWE-732 | 8.4 | High | 2022-02-04 |
| CVE-2021-22285 | SECURITY – Denial of Service Vulnerabilities in SPIET800 INFI-Net to Ethernet Transfer module and PNI800 S+ Ethernet communication interface module | SPIET800 | CWE-755 | 7.5 | High | 2022-02-04 |
| CVE-2021-22288 | SECURITY – Denial of Service Vulnerabilities in SPIET800 INFI-Net to Ethernet Transfer module and PNI800 S+ Ethernet communication interface module | SPIET800 | CWE-20 | 7.5 | High | 2022-02-04 |
| CVE-2021-22286 | SECURITY – Denial of Service Vulnerabilities in SPIET800 INFI-Net to Ethernet Transfer module and PNI800 S+ Ethernet communication interface module | SPIET800 | CWE-20 | 7.5 | High | 2022-02-04 |
| CVE-2021-22279 | OmniCore RobotWare Missing Authentication Vulnerability | RobotWare | CWE-306 | 9.8 | Critical | 2021-12-13 |

This page lists every published CVE security advisory associated with ABB. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.