Abb


Products by Abb Sorted by Most Security Vulnerabilities since 2018

Abb Mint Workbench: 6 vulnerabilities
Abb Control Builder Safe: 6 vulnerabilities
Abb Automation Builder: 6 vulnerabilities
Abb Terra Ac Wallbox: 5 vulnerabilities
Abb Compact Hmi: 5 vulnerabilities
Abb Rtu500 Firmware: 1 vulnerability
Abb Als Mini S4 Ip: 1 vulnerability
Abb Flxeon: 1 vulnerability
Abb Als Mini S8 Ip: 1 vulnerability
Abb Coresense: 1 vulnerability

By the Year

In 2026 there have been 4 vulnerabilities in Abb with an average score of 7.5 out of ten. Last year, in 2025, Abb had 17 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that the number of security vulnerabilities in Abb in 2026 could surpass last year's number. However, the average CVE base score of the vulnerabilities in 2026 is greater by 0.30.




Year   Vulnerabilities   Average Score
2026   4                 7.48
2025   17                7.18
2024   1                 7.80
2023   12                7.29
2022   15                7.35
2021   5                 8.18
2020   44                7.18
2019   6                 5.58
2018   3                 5.80

It may take a day or so for new Abb vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Abb Security Vulnerabilities

CVE Date Vulnerability Products
CVE-2025-14510 Jan 16, 2026
Auth Alg Flaw in ABB Ability OPTIMAX 6.1-6.4 (pre 6.3.1)
Incorrect Implementation of Authentication Algorithm vulnerability in ABB Ability OPTIMAX. This issue affects ABB Ability OPTIMAX: 6.1, 6.2, from 6.3.0 before 6.3.1-251120, from 6.4.0 before 6.4.1-251120.
CVE-2025-4677 Jan 07, 2026
ABB WebPro SNMP Card PowerValue <=1.1.8.K Insufficient Session Expiration
Insufficient Session Expiration vulnerability in ABB WebPro SNMP Card PowerValue, ABB WebPro SNMP Card PowerValue UL. This issue affects WebPro SNMP Card PowerValue: through 1.1.8.K; WebPro SNMP Card PowerValue UL: through 1.1.8.K.
CVE-2025-4676 Jan 07, 2026
ABB WebPro SNMP Card PowerValue <=1.1.8.K: AuthAlg flaw
Incorrect Implementation of Authentication Algorithm vulnerability in ABB WebPro SNMP Card PowerValue, ABB WebPro SNMP Card PowerValue UL. This issue affects WebPro SNMP Card PowerValue: through 1.1.8.K; WebPro SNMP Card PowerValue UL: through 1.1.8.K.
CVE-2025-4675 Jan 07, 2026
ABB WebPro SNMP Card PowerValue Improper Condition Check 1.1.8.K
Improper Check for Unusual or Exceptional Conditions vulnerability in ABB WebPro SNMP Card PowerValue, ABB WebPro SNMP Card PowerValue UL. This issue affects WebPro SNMP Card PowerValue: through 1.1.8.K; WebPro SNMP Card PowerValue UL: through 1.1.8.K.
CVE-2025-12143 Nov 28, 2025
ABB Terra AC Wallbox Buffer Overflow (<=1.8.33)
Stack-based Buffer Overflow vulnerability in ABB Terra AC wallbox. This issue affects Terra AC wallbox: through 1.8.33.
Products: Terra Ac Wallbox
CVE-2025-10571 Nov 20, 2025
Authentication Bypass in ABB Ability Edgenius 3.2.0.0/3.2.1.1 via Alternate Path
Authentication Bypass Using an Alternate Path or Channel vulnerability in ABB Ability Edgenius. This issue affects ABB Ability Edgenius: 3.2.0.0, 3.2.1.1.
CVE-2025-12142 Oct 29, 2025
Buffer Overflow in ABB Terra AC wallbox 1.8.33
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in ABB Terra AC wallbox. This issue affects Terra AC wallbox: through 1.8.33.
Products: Terra Ac Wallbox
CVE-2025-5517 Oct 20, 2025
ABB Terra AC wallbox Heap Buffer Overflow (v<=1.8.32)
Heap-based Buffer Overflow vulnerability in ABB Terra AC wallbox (UL40/80A), ABB Terra AC wallbox (UL32A), ABB Terra AC wallbox (MID/ CE) -Terra AC MID, ABB Terra AC wallbox (MID/ CE) -Terra AC Juno CE, ABB Terra AC wallbox (MID/ CE) -Terra AC PTB, ABB Terra AC wallbox (JP). This issue affects Terra AC wallbox (UL40/80A): through 1.8.32; Terra AC wallbox (UL32A): through 1.8.2; Terra AC wallbox (MID/ CE) -Terra AC MID: through 1.8.32; Terra AC wallbox (MID/ CE) -Terra AC Juno CE: through 1.8.32; Terra AC wallbox (MID/ CE) -Terra AC PTB: through 1.8.21; Terra AC wallbox (JP): through 1.8.2.
Products: Terra Ac Wallbox
CVE-2025-3465 Oct 20, 2025
Path Traversal in ABB CoreSense HM/M10 (2.3.1/1.4.1.12)
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ABB CoreSense HM, ABB CoreSense M10. This issue affects CoreSense HM: through 2.3.1; CoreSense M10: through 1.4.1.12.
Products: Coresense
CVE-2025-9574 Oct 20, 2025
ABB ALS-mini-s4/IP, ALS-mini-s8/IP: Missing Auth for Critical Func
Missing Authentication for Critical Function vulnerability in ABB ALS-mini-s4 IP, ABB ALS-mini-s8 IP. This issue affects all firmware versions with the Serial Number from 2000 to 5166.
Products: Als Mini S4 Ip, Als Mini S8 Ip
CVE-2025-9970 Oct 08, 2025
Cleartext Storage of Sensitive Info in Memory in ABB MConfig <1.4.9.21
Cleartext Storage of Sensitive Information in Memory vulnerability in ABB MConfig. This issue affects MConfig: through 1.4.9.21.
CVE-2021-22291 Oct 07, 2025
ABB EIBPORT V3 KNX XSS via Web UI before v3.9.2
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ABB EIBPORT V3 KNX, ABB EIBPORT V3 KNX GSM. This issue affects EIBPORT V3 KNX: before 3.9.2; EIBPORT V3 KNX GSM: before 3.9.2.
CVE-2025-10504 Sep 29, 2025
Heap-based Buffer Overflow in ABB Terra AC wallbox v1.8.33
Heap-based Buffer Overflow vulnerability in ABB Terra AC wallbox. This issue affects Terra AC wallbox: through 1.8.33.
CVE-2025-10207 Sep 18, 2025
ABB FLXEON <9.3.5 Improper Input Type Validation Vulnerability
Improper Validation of Specified Type of Input vulnerability in ABB FLXEON. This issue affects FLXEON: through 9.3.5.
CVE-2024-48851 Sep 18, 2025
ABB FLXEON <9.3.5: Improper Input Validation RCE
Improper Validation of Specified Type of Input vulnerability in ABB FLXEON. A remote code execution is possible due to an improper input validation. This issue affects FLXEON: through 9.3.5.
CVE-2025-10205 Sep 17, 2025
Predictable Salt in ABB FLXEON <9.3.5 & Newer (CVE-2025-10205)
Use of a One-Way Hash with a Predictable Salt vulnerability in ABB FLXEON. This issue affects FLXEON: through 9.3.5 and newer versions.
Products: Flxeon
CVE-2024-48842 Sep 17, 2025
Use of Hard-Coded Credentials in ABB FLXEON v9.3.5+
Use of Hard-coded Credentials vulnerability in ABB FLXEON. This issue affects FLXEON: through 9.3.5 and newer versions.
CVE-2025-3394 Apr 30, 2025
Automation Builder <=2.8.0 Incorrect Permission Assignment Vulnerability
Incorrect Permission Assignment for Critical Resource vulnerability in ABB Automation Builder. This issue affects Automation Builder: through 2.8.0.
Products: Automation Builder
CVE-2025-3395 Apr 30, 2025
ABB Automation Builder <=2.8.0: Cleartext Sensitive Data Stored Incorrectly
Incorrect Permission Assignment for Critical Resource, Cleartext Storage of Sensitive Information vulnerability in ABB Automation Builder. This issue affects Automation Builder: through 2.8.0.
Products: Automation Builder
CVE-2024-12430 Jan 07, 2025
Remote Command Execution in AC500 V3 (3.7.9) via File Injection
An attacker who successfully exploited these vulnerabilities could enable command execution. A vulnerability exists in the AC500 V3 version mentioned. After successfully exploiting CVE-2024-12429 (directory traversal), a successfully authenticated attacker can inject arbitrary commands into a specifically crafted file, which will then be executed by the root user. All AC500 V3 products (PM5xxx) with firmware version earlier than 3.8.0 are affected by this vulnerability.
CVE-2024-12429 Jan 07, 2025
Netgear AC500 V3 Firmware <3.8.0 Local File Read (CVE-2024-12429)
An attacker who successfully exploited these vulnerabilities could grant read access to files. A vulnerability exists in the AC500 V3 version mentioned. A successfully authenticated attacker can use this vulnerability to read system wide files and configuration. All AC500 V3 products (PM5xxx) with firmware version earlier than 3.8.0 are affected by this vulnerability.
CVE-2024-5402 Jul 15, 2024
ABB Mint Workbench Unquoted Search Path Priv Escalation
Unquoted Search Path or Element vulnerability in ABB Mint Workbench. A local attacker who successfully exploited this vulnerability could gain elevated privileges by inserting an executable file in the path of the affected service. This issue affects Mint Workbench I versions: from 5866 before 5868.
Products: Mint Workbench
CVE-2023-2685 Jul 28, 2023
AO-OPC Server 3.2.1 Priv Esc via Unquoted Service Path
A vulnerability was found in AO-OPC server versions mentioned above. As the directory information for the service entry is not enclosed in quotation marks, potential attackers could possibly call up another application than the AO-OPC server by starting the service. The service might be started with system user privileges which could cause a shift in user access privileges. It is unlikely to exploit the vulnerability in well maintained Windows installations since the attacker would need write access to system folders. An update is available that resolves the vulnerability found during an internal review in the product AO-OPC = 3.2.1
Products: Ao Opc
CVE-2023-3322 Jul 24, 2023
Low-privilege File Read/Write in ABB Zenon (CVE-2023-3322)
A vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. An attacker could exploit the vulnerability by using specially crafted programs to exploit the vulnerabilities by allowing them to run on the zenon installed hosts. This issue affects ABB Ability zenon: from 11 build through 11 build 106404.
Products: Zenon
CVE-2023-3323 Jul 24, 2023
Local File Read/Write via Privileges in ABB Ability zenon
A vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. An attacker could exploit the vulnerability by using specially crafted programs to exploit the vulnerabilities by allowing them to run on the zenon installed hosts. This issue affects ABB Ability zenon: from 11 build through 11 build 106404.
Products: Zenon
CVE-2023-3324 Jul 24, 2023
Low-Privilege Access Allows Directory Read/Write in ABB Zenon
A vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. An attacker could exploit the vulnerability by using specially crafted programs to exploit the vulnerabilities by allowing them to run on the zenon installed hosts. This issue affects ABB Ability zenon: from 11 build through 11 build 106404.
Products: Zenon
CVE-2023-3321 Jul 24, 2023
Zenon dir read/write privilege escalation via crafted apps
A vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. An attacker could exploit the vulnerability by using specially crafted programs to exploit the vulnerabilities by allowing them to run on the zenon installed hosts. This issue affects ABB Ability zenon: from 11 build through 11 build 106404.
Products: Zenon
CVE-2022-0010 May 22, 2023
ABB QCS 800xA/AC450/PE Tools Log Sensitive Data Leak (6.1SP2/5.1SP2/2.3.0)
Insertion of Sensitive Information into Log File vulnerability in ABB QCS 800xA, ABB QCS AC450, ABB Platform Engineering Tools. An attacker, who already has local access to the QCS nodes, could successfully obtain the password for a system user account. Using this information, the attacker could have the potential to exploit this vulnerability to gain control of system nodes. This issue affects QCS 800xA: from 1.0;0 through 6.1SP2; QCS AC450: from 1.0;0 through 5.1SP2; Platform Engineering Tools: from 1.0:0 through 2.3.0.
Products: Platform Engineering Tools
CVE-2023-0863 May 17, 2023
ABB Terra AC wallbox Improper Auth vulnerability (v1.01.6.x)
Improper Authentication vulnerability in ABB Terra AC wallbox (UL40/80A), ABB Terra AC wallbox (UL32A), ABB Terra AC wallbox (CE) (Terra AC MID), ABB Terra AC wallbox (CE) Terra AC Juno CE, ABB Terra AC wallbox (CE) Terra AC PTB, ABB Terra AC wallbox (CE) Symbiosis, ABB Terra AC wallbox (JP). This issue affects Terra AC wallbox (UL40/80A): from 1.0;0 through 1.5.5; Terra AC wallbox (UL32A): from 1.0;0 through 1.6.5; Terra AC wallbox (CE) (Terra AC MID): from 1.0;0 through 1.6.5; Terra AC wallbox (CE) Terra AC Juno CE: from 1.0;0 through 1.6.5; Terra AC wallbox (CE) Terra AC PTB: from 1.0;0 through 1.5.25; Terra AC wallbox (CE) Symbiosis: from 1.0;0 through 1.2.7; Terra AC wallbox (JP): from 1.0;0 through 1.6.5.
Products: Terra Ac Wallbox
CVE-2023-0864 May 17, 2023
Cleartext Transmission of Sensitive Data in ABB Terra AC Wallbox (v1.0.01.6.5)
Cleartext Transmission of Sensitive Information vulnerability in ABB Terra AC wallbox (UL40/80A), ABB Terra AC wallbox (UL32A), ABB Terra AC wallbox (CE) (Terra AC MID), ABB Terra AC wallbox (CE) Terra AC Juno CE, ABB Terra AC wallbox (CE) Terra AC PTB, ABB Terra AC wallbox (CE) Symbiosis, ABB Terra AC wallbox (JP). This issue affects Terra AC wallbox (UL40/80A): from 1.0;0 through 1.5.5; Terra AC wallbox (UL32A): from 1.0;0 through 1.6.5; Terra AC wallbox (CE) (Terra AC MID): from 1.0;0 through 1.6.5; Terra AC wallbox (CE) Terra AC Juno CE: from 1.0;0 through 1.6.5; Terra AC wallbox (CE) Terra AC PTB: from 1.0;0 through 1.5.25; Terra AC wallbox (CE) Symbiosis: from 1.0;0 through 1.2.7; Terra AC wallbox (JP): from 1.0;0 through 1.6.5.
Products: Terra Ac Wallbox
CVE-2023-0580 Apr 06, 2023
ABB MyControl System Insecure Storage before v5.13
Insecure Storage of Sensitive Information vulnerability in ABB My Control System (on-premise) allows an attacker who successfully exploited this vulnerability to gain access to the secure application data or take control of the application. Of the services that make up the My Control System (on-premise) application, the following ones are affected by this vulnerability: User Interface System Monitoring1 Asset Inventory. This issue affects My Control System (on-premise): from 5.0;0 through 5.13.
Products: My Control System
CVE-2023-0228 Mar 02, 2023
ABB Symphony Plus S+ Ops Improper Auth (2.x-2.2,3.x-3.3 SP1/2)
Improper Authentication vulnerability in ABB Symphony Plus S+ Operations. This issue affects Symphony Plus S+ Operations: from 2.X through 2.1 SP2, 2.2, from 3.X through 3.3 SP1, 3.3 SP2.
Products: Symphony Plus S Operations
CVE-2022-1607 Feb 24, 2023
CSRF in ABB Pulsar Plus System Controller & Infinity DC Power Plant
Cross-Site Request Forgery (CSRF) vulnerability in ABB Pulsar Plus System Controller NE843_S, ABB Infinity DC Power Plant allows Cross Site Request Forgery. This issue affects Pulsar Plus System Controller NE843_S: comcode 150042936; Infinity DC Power Plant: H5692448 G104 G842 G224L G630-4 G451C(2) G461(2) comcode 150047415.
Products: Infinity Dc Power Plant, Ne843 S
CVE-2022-3573 Jan 12, 2023
GitLab CE/EE <=15.5.6 / 15.6.3 / 15.7.1 Unrestricted JS via Wiki Params
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. Due to the improper filtering of query parameters in the wiki changes page, an attacker can execute arbitrary JavaScript on the self-hosted instances running without strict CSP.
Products: Drive Composer
CVE-2022-34836 Aug 24, 2022
ABB Zenon 8.20: RPT in Log Comp Enables Unauthorized Access
Relative Path Traversal vulnerability in ABB Zenon 8.20 allows the user to access files on the Zenon system; the user can also add their own log messages and, e.g., flood the log entries. An attacker who successfully exploits the vulnerability could access the Zenon runtime activities such as the start and stop of various activities and the last error code.
Products: Zenon
CVE-2022-34838 Aug 24, 2022
ABB Zenon 8.20 Storing Passwords Recoverable: Privilege Escalation
Storing Passwords in a Recoverable Format vulnerability in ABB Zenon 8.20. An attacker who successfully exploits the vulnerability may add or alter data points and corresponding attributes. Once such engineering data is used, the data visualization will be altered for the end user.
Products: Zenon
CVE-2022-34837 Aug 24, 2022
ABB Zenon 8.20 Storing Passwords in Recoverable Format (ICS)
Storing Passwords in a Recoverable Format vulnerability in ABB Zenon 8.20. An attacker who successfully exploits the vulnerability may add more network clients that may monitor various activities of the Zenon.
Products: Zenon
CVE-2022-26057 Jun 15, 2022
Vulnerabilities in the Mint WorkBench allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already exist. The Mint WorkBench installer file allows a low-privileged user to run a "repair" operation on the product.
Products: Mint Workbench
CVE-2022-31217 Jun 15, 2022
Vulnerabilities in the Drive Composer allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already exist. The Drive Composer installer file allows a low-privileged user to run a "repair" operation on the product.
Products: Mint Workbench, Automation Builder, Drive Composer, and others
CVE-2022-31218 Jun 15, 2022
Vulnerabilities in the Drive Composer allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already exist. The Drive Composer installer file allows a low-privileged user to run a "repair" operation on the product.
Products: Mint Workbench, Automation Builder, Drive Composer, and others
CVE-2022-31219 Jun 15, 2022
Vulnerabilities in the Drive Composer allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already exist. The Drive Composer installer file allows a low-privileged user to run a "repair" operation on the product.
Products: Mint Workbench, Automation Builder, Drive Composer, and others
CVE-2022-31216 Jun 15, 2022
Vulnerabilities in the Drive Composer allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already exist. The Drive Composer installer file allows a low-privileged user to run a "repair" operation on the product.
Products: Mint Workbench, Automation Builder, Drive Composer, and others
CVE-2022-29483 Jun 02, 2022
Incorrect Default Permissions vulnerability in ABB e-Design allows an attacker to install malicious software executing with SYSTEM permissions, violating confidentiality, integrity, and availability of the target machine.
Products: E Design
CVE-2022-28702 Jun 02, 2022
Incorrect Default Permissions vulnerability in ABB e-Design allows an attacker to install malicious software executing with SYSTEM permissions, violating confidentiality, integrity, and availability of the target machine.
Products: E Design
CVE-2022-28613 May 02, 2022
A vulnerability exists in the HCI Modbus TCP function included in the product versions listed above. If the HCI Modbus TCP is enabled and configured, an attacker could exploit the vulnerability by sending a specially crafted message to the RTU500, causing the receiving RTU500 CMU to reboot. The vulnerability is caused by a validation error in the length information carried in the MBAP header in the HCI Modbus TCP function.
Products: Rtu500 Firmware
CVE-2021-22277 Apr 01, 2022
Improper Input Validation vulnerability in ABB 800xA, Control Software for AC 800M, Control Builder Safe, Compact Product Suite - Control and I/O, ABB Base Software for SoftControl allows an attacker to cause a denial of service.
Products: 800xa, Base Software, Compact Product Suite, and others
CVE-2021-27416 Mar 11, 2022
An attacker could exploit this vulnerability in Hitachi ABB Power Grids Ellipse Enterprise Asset Management (EAM) versions prior to and including 9.0.25 by tricking a user into clicking on a link containing malicious code that would then be run by the web browser. This can result in the compromise of confidential information, or even the takeover of the user's session.
Products: Ellipse Enterprise Asset Management
CVE-2021-27414 Mar 11, 2022
An attacker could trick a user of Hitachi ABB Power Grids Ellipse Enterprise Asset Management (EAM) versions prior to and including 9.0.25 into visiting a malicious website posing as a login page for the Ellipse application and gather authentication credentials.
Products: Ellipse Enterprise Asset Management
CVE-2021-22284 Feb 04, 2022
Incorrect Permission Assignment for Critical Resource vulnerability in OPC Server for AC 800M allows an attacker to execute arbitrary code in the node running the AC800M OPC Server.
Products: Opc Server For Ac 800m
CVE-2021-22278 Oct 28, 2021
A certificate validation vulnerability in PCM600 Update Manager allows an attacker to get unwanted software packages installed on a computer which has PCM600 installed.
Products: Update Manager
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD).