聚合 NVD、CVE 及多源情資,深度解析 RCE 等高危風險。系統整合 CVSS 與 EPSS 模型,動態追蹤 Exploit 資源與 PoC 公開狀態,研判可利用性。結合官方修補與修復方案,優化漏洞管理優先級,縮短回應週期,保障資產安全。
指派機構(CNA / 來源):[email protected] 移除此篩選
| CVE | 描述 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|
| CVE-2025-7064 | Authentication bypass by primary weakness vulnerability in ABB Freelance. This issue affects Freelance: through 2013, 2013 SP1, 2016, 2016 SP1, 2019, 2019 SP1, 2019 SP1 FP1, 2024. | 5.6 | 0.12% | 2026-06-11 | 2026-06-11 |
| CVE-2025-14774 | Incorrect Authorization vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24. | 7.2 | 0.15% | 2026-06-03 | 2026-06-04 |
| CVE-2025-14773 | Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24. | 7.2 | 0.18% | 2026-06-03 | 2026-06-04 |
| CVE-2025-14772 | Authorization bypass through User-Controlled key vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24. | 7.3 | 0.25% | 2026-06-03 | 2026-06-04 |
| CVE-2025-14771 | Files or directories accessible to external parties vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24. | 7.3 | 0.29% | 2026-06-03 | 2026-06-04 |
| CVE-2025-11482 | An Allocation of Resources Without Limits or Throttling vulnerability in the OPC-UA Server used in PPT30 Operating System versions before 1.8.0 may be used by an unauthenticated network-based attacker to permanently prevent legitimate users from interacting with the service. | 8.7 | 0.29% | 2026-05-26 | 2026-05-26 |
| CVE-2025-3756 | A vulnerability exists in the command handling of the IEC 61850 communication stack included in the product revisions listed as affected in this CVE. An attacker with access to IEC 61850 networks could exploit the vulnera bility by using a specially crafted 61850 packet, forcing the communication interfaces of the PM 877, CI850 and CI868 modules into fault mode or causing unavailability of the S+ Operations 61850 connectivity, resulting in a denial-of-service situation. The System 800xA IEC | 7.1 | 0.18% | 2026-04-13 | 2026-05-19 |
| CVE-2025-13779 | Missing authentication for critical function vulnerability in ABB AWIN GW100 rev.2, ABB AWIN GW120.This issue affects AWIN GW100 rev.2: 2.0-0, 2.0-1; AWIN GW120: 1.2-0, 1.2-1. | 7.2 | 0.29% | 2026-03-13 | 2026-05-19 |
| CVE-2025-13778 | Missing authentication for critical function vulnerability in ABB AWIN GW100 rev.2, ABB AWIN GW120.This issue affects AWIN GW100 rev.2: 2.0-0, 2.0-1; AWIN GW120: 1.2-0, 1.2-1. | 7.1 | 0.27% | 2026-03-13 | 2026-05-19 |
| CVE-2025-13777 | Authentication bypass by capture-replay vulnerability in ABB AWIN GW100 rev.2, ABB AWIN GW120.This issue affects AWIN GW100 rev.2: 2.0-0, 2.0-1; AWIN GW120: 1.2-0, 1.2-1. | 7.2 | 0.23% | 2026-03-13 | 2026-05-19 |
| CVE-2026-0936 | An Insertion of Sensitive Information into Log File vulnerability in B&R PVI client versions prior to 6.5 may be abused by an authenticated local attacker to gather credential information which is processed by the PVI client application. The logging function of the PVI client application is disabled by default and must be explicitly enabled by the user. | 5.1 | 0.10% | 2026-01-29 | 2026-04-15 |
| CVE-2025-11044 | An Allocation of Resources Without Limits or Throttling vulnerability in the ANSL-Server component of B&R Automation Runtime versions prior to 6.5 and prior to R4.93 could be exploited by an unauthenti-cated attacker on the network to win a race condition, resulting in permanent denial-of-service (DoS) conditions on affected devices. | 8.9 | 0.31% | 2026-01-19 | 2026-04-15 |
| CVE-2025-11043 | An Improper Certificate Validation vulnerability in the OPC-UA client and ANSL over TLS client used in Automation Studio versions before 6.5 could allow an unauthenticated attacker on the network to position themselves to intercept and interfere with data exchanges. | 9.1 | 0.21% | 2026-01-19 | 2026-04-15 |
| CVE-2025-14510 | Incorrect Implementation of Authentication Algorithm vulnerability in ABB ABB Ability OPTIMAX.This issue affects ABB Ability OPTIMAX: 6.1, 6.2, from 6.3.0 before 6.3.1-251120, from 6.4.0 before 6.4.1-251120. | 9.2 | 0.39% | 2026-01-16 | 2026-04-15 |
| CVE-2025-4677 | Insufficient Session Expiration vulnerability in ABB WebPro SNMP Card PowerValue, ABB WebPro SNMP Card PowerValue UL.This issue affects WebPro SNMP Card PowerValue: through 1.1.8.K; WebPro SNMP Card PowerValue UL: through 1.1.8.K. | 7.1 | 0.18% | 2026-01-07 | 2026-04-15 |
| CVE-2025-4676 | Incorrect Implementation of Authentication Algorithm vulnerability in ABB WebPro SNMP Card PowerValue, ABB WebPro SNMP Card PowerValue UL.This issue affects WebPro SNMP Card PowerValue: through 1.1.8.K; WebPro SNMP Card PowerValue UL: through 1.1.8.K. | 8.4 | 0.24% | 2026-01-07 | 2026-04-15 |
| CVE-2025-4675 | Improper Check for Unusual or Exceptional Conditions vulnerability in ABB WebPro SNMP Card PowerValue, ABB WebPro SNMP Card PowerValue UL.This issue affects WebPro SNMP Card PowerValue: through 1.1.8.K; WebPro SNMP Card PowerValue UL: through 1.1.8.K. | 7.1 | 0.18% | 2026-01-07 | 2026-04-15 |
| CVE-2025-12143 | Stack-based Buffer Overflow vulnerability in ABB Terra AC wallbox.This issue affects Terra AC wallbox: through 1.8.33. | 6.9 | 0.18% | 2025-11-28 | 2026-04-15 |
| CVE-2025-10571 | Authentication Bypass Using an Alternate Path or Channel vulnerability in ABB ABB Ability Edgenius.This issue affects ABB Ability Edgenius: 3.2.0.0, 3.2.1.1. | 9.4 | 0.29% | 2025-11-20 | 2026-04-15 |
| CVE-2025-12142 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in ABB Terra AC wallbox.This issue affects Terra AC wallbox: through 1.8.33. | 6.9 | 0.18% | 2025-10-29 | 2026-04-15 |