ABB — Vulnerabilities & Security Advisories 211

Browse all 211 CVE security advisories affecting ABB. AI-powered Chinese analysis, POCs, and references for each vulnerability.

ABB operates as a global leader in electrification and industrial automation, providing critical infrastructure for power grids, manufacturing, and transportation. With 211 recorded Common Vulnerabilities and Exposures (CVEs), the company’s software and hardware ecosystems have historically been susceptible to remote code execution, cross-site scripting, and privilege escalation flaws. These vulnerabilities often stem from legacy industrial control systems and web-based management interfaces, exposing operational technology to potential compromise. Notable incidents include the discovery of hardcoded credentials and unpatched firmware in various PLCs and HMIs, which attackers have exploited to gain unauthorized network access. The sheer volume of CVEs highlights significant challenges in maintaining security across diverse, long-lifecycle products. While ABB implements security updates, the complexity of its integrated solutions continues to present persistent risks for industrial environments relying on its technology.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2021-22278 | Certificate verification vulnerability in Update Manager of PCM600 Engineering Tool | PCM600 | CWE-295 | 6.7 | Medium | 2021-10-28 |
| CVE-2021-22272 | ControlTouch Cloud Service vulnerability: Serial Number can be misused during commissioning phase. | mybuildings.abb.com | CWE-200 | 6.5 | Medium | 2021-09-27 |
| CVE-2021-22276 | free@home System Access Point FW integrity check can be bypassed. | System Access Point | CWE-200 | 6.1 | Medium | 2021-09-23 |
| CVE-2020-24672 | ABB Base Software for SoftControl Remote Code Execution vulnerability | Base Software for SoftControl | CWE-862 | 9.8 | Critical | 2021-09-08 |
| CVE-2020-24686 | AC500 V2 webserver denial of service vulnerability | AC500 V2 products with onboard Ethernet | CWE-400 | 7.5 | High | 2021-02-26 |
| CVE-2020-24685 | AC500 V2 unauthenticated crafter packet vulnerability | AC500 V2 products with onboard Ethernet | | 8.6 | High | 2021-02-09 |
| CVE-2020-24675 | Weak Authentication in Symphony Plus | ABB Ability™ Symphony® Plus Operations | CWE-287 | 9.8 | Critical | 2020-12-22 |
| CVE-2020-24673 | SQL Injection in Symphony Plus | ABB Ability™ Symphony® Plus Operations | CWE-89 | 9.8 | Critical | 2020-12-22 |
| CVE-2020-24674 | Improper Authorization in Symphony Plus | ABB Ability™ Symphony® Plus Operations | CWE-285 | 8.8 | High | 2020-12-22 |
| CVE-2020-24683 | Authentication Bypass in Symphony Plus | ABB Ability™ Symphony® Plus Operations | CWE-602 | 9.8 | Critical | 2020-12-22 |
| CVE-2020-24680 | Improper Credential Storage in Symphony Plus | ABB Ability™ Symphony® Plus Operations | CWE-255 | 7.0 | High | 2020-12-22 |
| CVE-2020-24679 | Denial of Service attack on Symphony Plus | ABB Ability™ Symphony® Plus Operations | CWE-20 | 7.5 | High | 2020-12-22 |
| CVE-2020-24677 | Insecure Web Service in Symphony Plus | ABB Ability™ Symphony® Plus Operations | CWE-754 | 8.8 | High | 2020-12-22 |
| CVE-2020-24676 | Insecure Windows Services in Symphony Plus | ABB Ability™ Symphony® Plus Operations | CWE-274 | 7.8 | High | 2020-12-22 |
| CVE-2020-24678 | Potential Privilege Escalation in Symphony Plus | ABB Ability™ Symphony® Plus Operations | CWE-269 | 8.8 | High | 2020-12-22 |
| CVE-2020-10287 | RVD#3326: Hardcoded default credentials on IRC 5 OPC Server | IRB140 | CWE-255 | 9.8 | - | 2020-07-15 |
| CVE-2020-10288 | RVD#3327: No authentication required for accesing ABB IRC5 FTP server | IRB140 | CWE-284 | 9.8 | - | 2020-07-15 |
| CVE-2020-8482 | ABB Device Library Wizard Information Disclosure Vulnerability | ABB Device Library Wizard | CWE-922 | 7.8 | High | 2020-05-29 |
| CVE-2019-5620 | ABB MicroSCADA Pro SYS600 Missing Authentication for Critical Function | MicroSCADA Pro SYS600 | CWE-306 | 9.8 | - | 2020-04-29 |
| CVE-2020-8489 | ABB System 800xA Inter process communication vulnerability - 800xA Information Management | 800xA Information Management | CWE-264 | 7.8 | High | 2020-04-29 |
| CVE-2020-8488 | ABB System 800xA Inter process communication vulnerability - 800xA Batch Management | 800xA Batch Management | CWE-264 | 7.8 | High | 2020-04-29 |
| CVE-2020-8487 | ABB System 800xA Inter process communication vulnerability - System 800xA Base | System 800xA Base | CWE-264 | 6.6 | Medium | 2020-04-29 |
| CVE-2020-8486 | ABB System 800xA Inter process communication vulnerability - 800xA RNRP | 800xA RNRP | CWE-264 | 6.6 | Medium | 2020-04-29 |
| CVE-2020-8485 | ABB System 800xA Inter process communication vulnerability - 800xA for Mod 300 | 800xA for MOD300 | CWE-264 | 7.8 | High | 2020-04-29 |
| CVE-2020-8484 | ABB System 800xA Inter process communication vulnerability - 800xA for DCI | 800xA for DCI | CWE-264 | 7.8 | High | 2020-04-29 |
| CVE-2020-8478 | ABB System 800xA Inter process communication vulnerability | OPC Server for AC 800M | CWE-264 | 5.3 | Medium | 2020-04-29 |
| CVE-2020-8481 | ABB Central Licensing System - Information disclosure | Central Licensing System | CWE-200 | 9.8 | Critical | 2020-04-29 |
| CVE-2020-8471 | ABB Central Licensing System - Weak File Permissions | Central Licensing System | CWE-275 | 7.8 | High | 2020-04-29 |
| CVE-2020-8475 | ABB Central Licensing System - Denial of Service Vulnerability | Central Licensing System | CWE-20 | 5.3 | Medium | 2020-04-29 |
| CVE-2020-8476 | ABB Central Licensing System - Elevation of Privilege Vulnerability | Central Licensing System | CWE-20 | 5.3 | Medium | 2020-04-29 |

This page lists every published CVE security advisory associated with ABB. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.