Search criteria
9 vulnerabilities found for 800xa by abb
VAR-202004-2164
Vulnerability from variot - Updated: 2024-11-23 21:35Insufficient protection of the inter-process communication functions in ABB System 800xA for MOD 300 (all published versions) enables an attacker authenticated on the local system to inject data, allowing reads and writes to the controllers or cause windows processes to crash. MOD 300 for ABB System 800xA There is an unspecified vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. ABB System 800xA for MOD 300 is a set of distributed control system for MOD 300 of Swiss ABB company
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-2164",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "800xa",
"scope": "eq",
"trust": 1.1,
"vendor": "abb",
"version": "*"
},
{
"model": "system 800xa",
"scope": null,
"trust": 0.8,
"vendor": "abb",
"version": null
},
{
"model": "system 800xa for mod",
"scope": "eq",
"trust": 0.6,
"vendor": "abb",
"version": "300"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "800xa",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "a95fe2e9-2ad9-4397-acee-b75aea6365aa"
},
{
"db": "IVD",
"id": "58f66f62-2f58-4515-806d-a715cbb1ed80"
},
{
"db": "CNVD",
"id": "CNVD-2020-27094"
},
{
"db": "VULMON",
"id": "CVE-2020-8485"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005047"
},
{
"db": "NVD",
"id": "CVE-2020-8485"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:abb:800xa",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005047"
}
]
},
"cve": "CVE-2020-8485",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2020-8485",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 4.6,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2020-005047",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CNVD-2020-27094",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "a95fe2e9-2ad9-4397-acee-b75aea6365aa",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "58f66f62-2f58-4515-806d-a715cbb1ed80",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-186610",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2020-8485",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-005047",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-8485",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "cybersecurity@ch.abb.com",
"id": "CVE-2020-8485",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2020-005047",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-27094",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202004-2372",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "a95fe2e9-2ad9-4397-acee-b75aea6365aa",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "IVD",
"id": "58f66f62-2f58-4515-806d-a715cbb1ed80",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-186610",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-8485",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "a95fe2e9-2ad9-4397-acee-b75aea6365aa"
},
{
"db": "IVD",
"id": "58f66f62-2f58-4515-806d-a715cbb1ed80"
},
{
"db": "CNVD",
"id": "CNVD-2020-27094"
},
{
"db": "VULHUB",
"id": "VHN-186610"
},
{
"db": "VULMON",
"id": "CVE-2020-8485"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005047"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2372"
},
{
"db": "NVD",
"id": "CVE-2020-8485"
},
{
"db": "NVD",
"id": "CVE-2020-8485"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Insufficient protection of the inter-process communication functions in ABB System 800xA for MOD 300 (all published versions) enables an attacker authenticated on the local system to inject data, allowing reads and writes to the controllers or cause windows processes to crash. MOD 300 for ABB System 800xA There is an unspecified vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. ABB System 800xA for MOD 300 is a set of distributed control system for MOD 300 of Swiss ABB company",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-8485"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005047"
},
{
"db": "CNVD",
"id": "CNVD-2020-27094"
},
{
"db": "IVD",
"id": "a95fe2e9-2ad9-4397-acee-b75aea6365aa"
},
{
"db": "IVD",
"id": "58f66f62-2f58-4515-806d-a715cbb1ed80"
},
{
"db": "VULHUB",
"id": "VHN-186610"
},
{
"db": "VULMON",
"id": "CVE-2020-8485"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-8485",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-20-154-03",
"trust": 1.4
},
{
"db": "CNVD",
"id": "CNVD-2020-27094",
"trust": 1.1
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2372",
"trust": 1.1
},
{
"db": "JVN",
"id": "JVNVU94921886",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005047",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2020.1923",
"trust": 0.6
},
{
"db": "IVD",
"id": "A95FE2E9-2AD9-4397-ACEE-B75AEA6365AA",
"trust": 0.2
},
{
"db": "IVD",
"id": "58F66F62-2F58-4515-806D-A715CBB1ED80",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-186610",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-8485",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "a95fe2e9-2ad9-4397-acee-b75aea6365aa"
},
{
"db": "IVD",
"id": "58f66f62-2f58-4515-806d-a715cbb1ed80"
},
{
"db": "CNVD",
"id": "CNVD-2020-27094"
},
{
"db": "VULHUB",
"id": "VHN-186610"
},
{
"db": "VULMON",
"id": "CVE-2020-8485"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005047"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2372"
},
{
"db": "NVD",
"id": "CVE-2020-8485"
}
]
},
"id": "VAR-202004-2164",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "a95fe2e9-2ad9-4397-acee-b75aea6365aa"
},
{
"db": "IVD",
"id": "58f66f62-2f58-4515-806d-a715cbb1ed80"
},
{
"db": "CNVD",
"id": "CNVD-2020-27094"
},
{
"db": "VULHUB",
"id": "VHN-186610"
}
],
"trust": 2.1
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "a95fe2e9-2ad9-4397-acee-b75aea6365aa"
},
{
"db": "IVD",
"id": "58f66f62-2f58-4515-806d-a715cbb1ed80"
},
{
"db": "CNVD",
"id": "CNVD-2020-27094"
}
]
},
"last_update_date": "2024-11-23T21:35:52.014000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SECURITY Interprocess communication vulnerability in System 800xA",
"trust": 0.8,
"url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121236\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005047"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.0
},
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005047"
},
{
"db": "NVD",
"id": "CVE-2020-8485"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8485"
},
{
"trust": 1.7,
"url": "https://search.abb.com/library/download.aspx?documentid=2paa121236\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"trust": 1.4,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-154-03"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-8485"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu94921886/index.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1923/"
},
{
"trust": 0.1,
"url": "https://search.abb.com/library/download.aspx?documentid=2paa121236\u0026amp;languagecode=en\u0026amp;documentpartid=\u0026amp;action=launch"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-27094"
},
{
"db": "VULHUB",
"id": "VHN-186610"
},
{
"db": "VULMON",
"id": "CVE-2020-8485"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005047"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2372"
},
{
"db": "NVD",
"id": "CVE-2020-8485"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "a95fe2e9-2ad9-4397-acee-b75aea6365aa"
},
{
"db": "IVD",
"id": "58f66f62-2f58-4515-806d-a715cbb1ed80"
},
{
"db": "CNVD",
"id": "CNVD-2020-27094"
},
{
"db": "VULHUB",
"id": "VHN-186610"
},
{
"db": "VULMON",
"id": "CVE-2020-8485"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005047"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2372"
},
{
"db": "NVD",
"id": "CVE-2020-8485"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-28T00:00:00",
"db": "IVD",
"id": "a95fe2e9-2ad9-4397-acee-b75aea6365aa"
},
{
"date": "2020-04-28T00:00:00",
"db": "IVD",
"id": "58f66f62-2f58-4515-806d-a715cbb1ed80"
},
{
"date": "2020-05-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-27094"
},
{
"date": "2020-04-29T00:00:00",
"db": "VULHUB",
"id": "VHN-186610"
},
{
"date": "2020-04-29T00:00:00",
"db": "VULMON",
"id": "CVE-2020-8485"
},
{
"date": "2020-06-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-005047"
},
{
"date": "2020-04-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-2372"
},
{
"date": "2020-04-29T02:15:12.203000",
"db": "NVD",
"id": "CVE-2020-8485"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-05-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-27094"
},
{
"date": "2020-05-07T00:00:00",
"db": "VULHUB",
"id": "VHN-186610"
},
{
"date": "2020-05-07T00:00:00",
"db": "VULMON",
"id": "CVE-2020-8485"
},
{
"date": "2020-06-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-005047"
},
{
"date": "2020-06-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-2372"
},
{
"date": "2024-11-21T05:38:55.647000",
"db": "NVD",
"id": "CVE-2020-8485"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-2372"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "MOD 300 for ABB System 800xA Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005047"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-2372"
}
],
"trust": 0.6
}
}
VAR-202004-2163
Vulnerability from variot - Updated: 2024-11-23 21:35Insufficient protection of the inter-process communication functions in ABB System 800xA for DCI (all published versions) enables an attacker authenticated on the local system to inject data, allowing reads and writes to the controllers or cause windows processes to crash. DCI for ABB System 800xA There is an unspecified vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. ABB System 800xA for DCI is a set of distributed control system for DCI of Swiss ABB company.
ABB System 800xA for DCI (all versions) has a permission permission and access control problem vulnerability
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-2163",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "800xa",
"scope": "eq",
"trust": 1.1,
"vendor": "abb",
"version": "*"
},
{
"model": "system 800xa",
"scope": null,
"trust": 0.8,
"vendor": "abb",
"version": null
},
{
"model": "system 800xa for dci",
"scope": null,
"trust": 0.6,
"vendor": "abb",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "800xa",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "e609a386-f11a-4898-9a3b-e88bbb68e47e"
},
{
"db": "IVD",
"id": "ec013e68-1dd8-40c6-909f-cea3c685a26e"
},
{
"db": "CNVD",
"id": "CNVD-2020-27093"
},
{
"db": "VULMON",
"id": "CVE-2020-8484"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005101"
},
{
"db": "NVD",
"id": "CVE-2020-8484"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:abb:800xa",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005101"
}
]
},
"cve": "CVE-2020-8484",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2020-8484",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 4.6,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2020-005101",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2020-27093",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "e609a386-f11a-4898-9a3b-e88bbb68e47e",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "ec013e68-1dd8-40c6-909f-cea3c685a26e",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-186609",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2020-8484",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-005101",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-8484",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "cybersecurity@ch.abb.com",
"id": "CVE-2020-8484",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2020-005101",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-27093",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202004-2371",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "e609a386-f11a-4898-9a3b-e88bbb68e47e",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "IVD",
"id": "ec013e68-1dd8-40c6-909f-cea3c685a26e",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-186609",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-8484",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e609a386-f11a-4898-9a3b-e88bbb68e47e"
},
{
"db": "IVD",
"id": "ec013e68-1dd8-40c6-909f-cea3c685a26e"
},
{
"db": "CNVD",
"id": "CNVD-2020-27093"
},
{
"db": "VULHUB",
"id": "VHN-186609"
},
{
"db": "VULMON",
"id": "CVE-2020-8484"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005101"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2371"
},
{
"db": "NVD",
"id": "CVE-2020-8484"
},
{
"db": "NVD",
"id": "CVE-2020-8484"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Insufficient protection of the inter-process communication functions in ABB System 800xA for DCI (all published versions) enables an attacker authenticated on the local system to inject data, allowing reads and writes to the controllers or cause windows processes to crash. DCI for ABB System 800xA There is an unspecified vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. ABB System 800xA for DCI is a set of distributed control system for DCI of Swiss ABB company. \n\r\n\r\nABB System 800xA for DCI (all versions) has a permission permission and access control problem vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-8484"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005101"
},
{
"db": "CNVD",
"id": "CNVD-2020-27093"
},
{
"db": "IVD",
"id": "e609a386-f11a-4898-9a3b-e88bbb68e47e"
},
{
"db": "IVD",
"id": "ec013e68-1dd8-40c6-909f-cea3c685a26e"
},
{
"db": "VULHUB",
"id": "VHN-186609"
},
{
"db": "VULMON",
"id": "CVE-2020-8484"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-8484",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-20-154-03",
"trust": 1.4
},
{
"db": "CNVD",
"id": "CNVD-2020-27093",
"trust": 1.1
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2371",
"trust": 1.1
},
{
"db": "JVN",
"id": "JVNVU94921886",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005101",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2020.1923",
"trust": 0.6
},
{
"db": "IVD",
"id": "E609A386-F11A-4898-9A3B-E88BBB68E47E",
"trust": 0.2
},
{
"db": "IVD",
"id": "EC013E68-1DD8-40C6-909F-CEA3C685A26E",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-186609",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-8484",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e609a386-f11a-4898-9a3b-e88bbb68e47e"
},
{
"db": "IVD",
"id": "ec013e68-1dd8-40c6-909f-cea3c685a26e"
},
{
"db": "CNVD",
"id": "CNVD-2020-27093"
},
{
"db": "VULHUB",
"id": "VHN-186609"
},
{
"db": "VULMON",
"id": "CVE-2020-8484"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005101"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2371"
},
{
"db": "NVD",
"id": "CVE-2020-8484"
}
]
},
"id": "VAR-202004-2163",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e609a386-f11a-4898-9a3b-e88bbb68e47e"
},
{
"db": "IVD",
"id": "ec013e68-1dd8-40c6-909f-cea3c685a26e"
},
{
"db": "CNVD",
"id": "CNVD-2020-27093"
},
{
"db": "VULHUB",
"id": "VHN-186609"
}
],
"trust": 2.1
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "e609a386-f11a-4898-9a3b-e88bbb68e47e"
},
{
"db": "IVD",
"id": "ec013e68-1dd8-40c6-909f-cea3c685a26e"
},
{
"db": "CNVD",
"id": "CNVD-2020-27093"
}
]
},
"last_update_date": "2024-11-23T21:35:51.818000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SECURITY Interprocess communication vulnerability in System 800xA",
"trust": 0.8,
"url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121236\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005101"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.0
},
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005101"
},
{
"db": "NVD",
"id": "CVE-2020-8484"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8484"
},
{
"trust": 1.7,
"url": "https://search.abb.com/library/download.aspx?documentid=2paa121236\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"trust": 1.4,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-154-03"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-8484"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu94921886/index.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1923/"
},
{
"trust": 0.1,
"url": "https://search.abb.com/library/download.aspx?documentid=2paa121236\u0026amp;languagecode=en\u0026amp;documentpartid=\u0026amp;action=launch"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-27093"
},
{
"db": "VULHUB",
"id": "VHN-186609"
},
{
"db": "VULMON",
"id": "CVE-2020-8484"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005101"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2371"
},
{
"db": "NVD",
"id": "CVE-2020-8484"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e609a386-f11a-4898-9a3b-e88bbb68e47e"
},
{
"db": "IVD",
"id": "ec013e68-1dd8-40c6-909f-cea3c685a26e"
},
{
"db": "CNVD",
"id": "CNVD-2020-27093"
},
{
"db": "VULHUB",
"id": "VHN-186609"
},
{
"db": "VULMON",
"id": "CVE-2020-8484"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005101"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2371"
},
{
"db": "NVD",
"id": "CVE-2020-8484"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-28T00:00:00",
"db": "IVD",
"id": "e609a386-f11a-4898-9a3b-e88bbb68e47e"
},
{
"date": "2020-04-28T00:00:00",
"db": "IVD",
"id": "ec013e68-1dd8-40c6-909f-cea3c685a26e"
},
{
"date": "2020-05-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-27093"
},
{
"date": "2020-04-29T00:00:00",
"db": "VULHUB",
"id": "VHN-186609"
},
{
"date": "2020-04-29T00:00:00",
"db": "VULMON",
"id": "CVE-2020-8484"
},
{
"date": "2020-06-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-005101"
},
{
"date": "2020-04-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-2371"
},
{
"date": "2020-04-29T02:15:12.013000",
"db": "NVD",
"id": "CVE-2020-8484"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-05-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-27093"
},
{
"date": "2020-05-08T00:00:00",
"db": "VULHUB",
"id": "VHN-186609"
},
{
"date": "2020-05-08T00:00:00",
"db": "VULMON",
"id": "CVE-2020-8484"
},
{
"date": "2020-06-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-005101"
},
{
"date": "2020-06-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-2371"
},
{
"date": "2024-11-21T05:38:55.543000",
"db": "NVD",
"id": "CVE-2020-8484"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-2371"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "DCI for ABB System 800xA Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005101"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-2371"
}
],
"trust": 0.6
}
}
VAR-202204-1451
Vulnerability from variot - Updated: 2024-08-14 13:22Improper Input Validation vulnerability in ABB 800xA, Control Software for AC 800M, Control Builder Safe, Compact Product Suite - Control and I/O, ABB Base Software for SoftControl allows an attacker to cause the denial of service. System 800xA , BaseSoftware , compact product suite etc. multiple ABB The product contains an input validation vulnerability.Service operation interruption (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202204-1451",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "compact product suite",
"scope": "gte",
"trust": 1.0,
"vendor": "abb",
"version": "6.1.0-0"
},
{
"model": "compact product suite",
"scope": "gte",
"trust": 1.0,
"vendor": "abb",
"version": "5.1.1-0"
},
{
"model": "compact product suite",
"scope": "lte",
"trust": 1.0,
"vendor": "abb",
"version": "6.0.0-3"
},
{
"model": "800xa",
"scope": "lte",
"trust": 1.0,
"vendor": "abb",
"version": "5.1.0-3"
},
{
"model": "compact product suite",
"scope": "lte",
"trust": 1.0,
"vendor": "abb",
"version": "5.1.1-4"
},
{
"model": "base software",
"scope": "gte",
"trust": 1.0,
"vendor": "abb",
"version": "6.0.0-0"
},
{
"model": "compact product suite",
"scope": "gte",
"trust": 1.0,
"vendor": "abb",
"version": "6.0.0-0"
},
{
"model": "800xa",
"scope": "gte",
"trust": 1.0,
"vendor": "abb",
"version": "6.1.0-0"
},
{
"model": "800xa",
"scope": "gte",
"trust": 1.0,
"vendor": "abb",
"version": "5.1.1-0"
},
{
"model": "base software",
"scope": "lte",
"trust": 1.0,
"vendor": "abb",
"version": "5.1.0-3"
},
{
"model": "base software",
"scope": "gte",
"trust": 1.0,
"vendor": "abb",
"version": "5.1.0-0"
},
{
"model": "800xa",
"scope": "lte",
"trust": 1.0,
"vendor": "abb",
"version": "5.1.1-4"
},
{
"model": "compact product suite",
"scope": "gte",
"trust": 1.0,
"vendor": "abb",
"version": "5.1.0-0"
},
{
"model": "base software",
"scope": "lte",
"trust": 1.0,
"vendor": "abb",
"version": "6.1.1-1"
},
{
"model": "800xa",
"scope": "gte",
"trust": 1.0,
"vendor": "abb",
"version": "6.0.0-0"
},
{
"model": "800xa",
"scope": "lt",
"trust": 1.0,
"vendor": "abb",
"version": "6.0.0-4"
},
{
"model": "base software",
"scope": "lte",
"trust": 1.0,
"vendor": "abb",
"version": "6.0.0-3"
},
{
"model": "800xa",
"scope": "gte",
"trust": 1.0,
"vendor": "abb",
"version": "5.1.0-0"
},
{
"model": "control builder safe",
"scope": "lt",
"trust": 1.0,
"vendor": "abb",
"version": "3.0"
},
{
"model": "800xa",
"scope": "lt",
"trust": 1.0,
"vendor": "abb",
"version": "6.1.1-2"
},
{
"model": "base software",
"scope": "lte",
"trust": 1.0,
"vendor": "abb",
"version": "5.1.1-4"
},
{
"model": "compact product suite",
"scope": "lte",
"trust": 1.0,
"vendor": "abb",
"version": "5.1.0-3"
},
{
"model": "base software",
"scope": "gte",
"trust": 1.0,
"vendor": "abb",
"version": "5.1.1-0"
},
{
"model": "compact product suite",
"scope": "lte",
"trust": 1.0,
"vendor": "abb",
"version": "6.1.1-1"
},
{
"model": "base software",
"scope": "gte",
"trust": 1.0,
"vendor": "abb",
"version": "6.1.0-0"
},
{
"model": "control builder safe",
"scope": null,
"trust": 0.8,
"vendor": "abb",
"version": null
},
{
"model": "system 800xa",
"scope": null,
"trust": 0.8,
"vendor": "abb",
"version": null
},
{
"model": "compact product suite",
"scope": null,
"trust": 0.8,
"vendor": "abb",
"version": null
},
{
"model": "basesoftware",
"scope": null,
"trust": 0.8,
"vendor": "abb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-019223"
},
{
"db": "NVD",
"id": "CVE-2021-22277"
}
]
},
"cve": "CVE-2021-22277",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2021-22277",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-380712",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2021-22277",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2021-22277",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-22277",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "cybersecurity@ch.abb.com",
"id": "CVE-2021-22277",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-22277",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202204-1832",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-380712",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-380712"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019223"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-1832"
},
{
"db": "NVD",
"id": "CVE-2021-22277"
},
{
"db": "NVD",
"id": "CVE-2021-22277"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Improper Input Validation vulnerability in ABB 800xA, Control Software for AC 800M, Control Builder Safe, Compact Product Suite - Control and I/O, ABB Base Software for SoftControl allows an attacker to cause the denial of service. System 800xA , BaseSoftware , compact product suite etc. multiple ABB The product contains an input validation vulnerability.Service operation interruption (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-22277"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019223"
},
{
"db": "VULHUB",
"id": "VHN-380712"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-22277",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019223",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202204-1832",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-380712",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-380712"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019223"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-1832"
},
{
"db": "NVD",
"id": "CVE-2021-22277"
}
]
},
"id": "VAR-202204-1451",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-380712"
}
],
"trust": 0.6769231
},
"last_update_date": "2024-08-14T13:22:23.746000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ABB System 800xA Base Enter the fix for the verification error vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=188574"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202204-1832"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.1
},
{
"problemtype": "Inappropriate input confirmation (CWE-20) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-380712"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019223"
},
{
"db": "NVD",
"id": "CVE-2021-22277"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://search.abb.com/library/download.aspx?documentid=7paa001499\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22277"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2021-22277/"
},
{
"trust": 0.1,
"url": "https://search.abb.com/library/download.aspx?documentid=7paa001499\u0026amp;languagecode=en\u0026amp;documentpartid=\u0026amp;action=launch"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-380712"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019223"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-1832"
},
{
"db": "NVD",
"id": "CVE-2021-22277"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-380712"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019223"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-1832"
},
{
"db": "NVD",
"id": "CVE-2021-22277"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-04-01T00:00:00",
"db": "VULHUB",
"id": "VHN-380712"
},
{
"date": "2023-07-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-019223"
},
{
"date": "2022-04-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202204-1832"
},
{
"date": "2022-04-01T23:15:08.833000",
"db": "NVD",
"id": "CVE-2021-22277"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-04-11T00:00:00",
"db": "VULHUB",
"id": "VHN-380712"
},
{
"date": "2023-07-19T08:30:00",
"db": "JVNDB",
"id": "JVNDB-2021-019223"
},
{
"date": "2022-04-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202204-1832"
},
{
"date": "2022-04-11T14:54:51.233000",
"db": "NVD",
"id": "CVE-2021-22277"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202204-1832"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0ABB\u00a0 Product input verification vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-019223"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202204-1832"
}
],
"trust": 0.6
}
}
CVE-2021-22277 (GCVE-0-2021-22277)
Vulnerability from nvd – Published: 2022-04-01 22:17 – Updated: 2024-09-17 01:41
VLAI?
Title
AC 800M MMS - Denial of Service vulnerability in MMS communication
Summary
Improper Input Validation vulnerability in ABB 800xA, Control Software for AC 800M, Control Builder Safe, Compact Product Suite - Control and I/O, ABB Base Software for SoftControl allows an attacker to cause the denial of service.
Severity ?
7.5 (High)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ABB | 800xA, Control Software for AC 800M |
Affected:
5.1.0-0 , < unspecified
(custom)
Affected: unspecified , ≤ 5.1.0-3 (custom) Affected: 5.1.1-0 , < unspecified (custom) Affected: unspecified , ≤ 5.1.1-4 (custom) Affected: 6.0.0-0 , < unspecified (custom) Affected: unspecified , ≤ 6.0.0-3 (custom) Affected: 6.1.0-0 , < unspecified (custom) Affected: unspecified , ≤ 6.1.1-1 (custom) |
|||||||||||||||||
|
|||||||||||||||||||
Credits
ABB thanks the Industrial Control Security Laboratory of Qi An Xin Technology Group Inc. in China for helping to identify the vulnerabilities and protecting our customers.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:37:18.475Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=7PAA001499\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "800xA, Control Software for AC 800M",
"vendor": "ABB",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "5.1.0-0",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.1.0-3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "5.1.1-0",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.1.1-4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "6.0.0-0",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.0.0-3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "6.1.0-0",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.1.1-1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Control Builder Safe",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "1.x"
},
{
"status": "affected",
"version": "2.0"
},
{
"status": "affected",
"version": "3.0"
}
]
},
{
"product": "Compact Product Suite - Control and I/O",
"vendor": "ABB",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "5.1.0-0",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.1.0-3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "5.1.1-0",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.1.1-4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "6.0.0-0",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.0.0-3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "6.1.0-0",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.1.1-1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "ABB Base Software for SoftControl",
"vendor": "ABB",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "5.1.0-0",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.1.0-3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "5.1.1-0",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.1.1-4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "6.0.0-0",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.0.0-3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "6.1.0-0",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.1.1-1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "ABB thanks the Industrial Control Security Laboratory of Qi An Xin Technology Group Inc. in China for helping to identify the vulnerabilities and protecting our customers."
}
],
"datePublic": "2022-02-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Improper Input Validation vulnerability in ABB 800xA, Control Software for AC 800M, Control Builder Safe, Compact Product Suite - Control and I/O, ABB Base Software for SoftControl allows an attacker to cause the denial of service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-01T22:17:43",
"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"shortName": "ABB"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=7PAA001499\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "AC 800M MMS - Denial of Service vulnerability in MMS communication",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@ch.abb.com",
"DATE_PUBLIC": "2022-02-17T10:33:00.000Z",
"ID": "CVE-2021-22277",
"STATE": "PUBLIC",
"TITLE": "AC 800M MMS - Denial of Service vulnerability in MMS communication"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "800xA, Control Software for AC 800M",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "5.1.0-0"
},
{
"version_affected": "\u003c=",
"version_value": "5.1.0-3"
},
{
"version_affected": "\u003e=",
"version_value": "5.1.1-0"
},
{
"version_affected": "\u003c=",
"version_value": "5.1.1-4"
},
{
"version_affected": "\u003e=",
"version_value": "6.0.0-0"
},
{
"version_affected": "\u003c=",
"version_value": "6.0.0-3"
},
{
"version_affected": "\u003e=",
"version_value": "6.1.0-0"
},
{
"version_affected": "\u003c=",
"version_value": "6.1.1-1"
}
]
}
},
{
"product_name": "Control Builder Safe",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.x"
},
{
"version_affected": "=",
"version_value": "2.0"
},
{
"version_affected": "=",
"version_value": "3.0"
}
]
}
},
{
"product_name": "Compact Product Suite - Control and I/O",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "5.1.0-0"
},
{
"version_affected": "\u003c=",
"version_value": "5.1.0-3"
},
{
"version_affected": "\u003e=",
"version_value": "5.1.1-0"
},
{
"version_affected": "\u003c=",
"version_value": "5.1.1-4"
},
{
"version_affected": "\u003e=",
"version_value": "6.0.0-0"
},
{
"version_affected": "\u003c=",
"version_value": "6.0.0-3"
},
{
"version_affected": "\u003e=",
"version_value": "6.1.0-0"
},
{
"version_affected": "\u003c=",
"version_value": "6.1.1-1"
}
]
}
},
{
"product_name": "ABB Base Software for SoftControl",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "5.1.0-0"
},
{
"version_affected": "\u003c=",
"version_value": "5.1.0-3"
},
{
"version_affected": "\u003e=",
"version_value": "5.1.1-0"
},
{
"version_affected": "\u003c=",
"version_value": "5.1.1-4"
},
{
"version_affected": "\u003e=",
"version_value": "6.0.0-0"
},
{
"version_affected": "\u003c=",
"version_value": "6.0.0-3"
},
{
"version_affected": "\u003e=",
"version_value": "6.1.0-0"
},
{
"version_affected": "\u003c=",
"version_value": "6.1.1-1"
}
]
}
}
]
},
"vendor_name": "ABB"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "ABB thanks the Industrial Control Security Laboratory of Qi An Xin Technology Group Inc. in China for helping to identify the vulnerabilities and protecting our customers."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Input Validation vulnerability in ABB 800xA, Control Software for AC 800M, Control Builder Safe, Compact Product Suite - Control and I/O, ABB Base Software for SoftControl allows an attacker to cause the denial of service."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://search.abb.com/library/Download.aspx?DocumentID=7PAA001499\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
"refsource": "MISC",
"url": "https://search.abb.com/library/Download.aspx?DocumentID=7PAA001499\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"assignerShortName": "ABB",
"cveId": "CVE-2021-22277",
"datePublished": "2022-04-01T22:17:43.044264Z",
"dateReserved": "2021-01-05T00:00:00",
"dateUpdated": "2024-09-17T01:41:41.993Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8485 (GCVE-0-2020-8485)
Vulnerability from nvd – Published: 2020-04-29 01:59 – Updated: 2024-08-04 10:03
VLAI?
Title
ABB System 800xA Inter process communication vulnerability - 800xA for Mod 300
Summary
Insufficient protection of the inter-process communication functions in ABB System 800xA for MOD 300 (all published versions) enables an attacker authenticated on the local system to inject data, allowing reads and writes to the controllers or cause windows processes to crash.
Severity ?
7.8 (High)
CWE
- CWE-264 - Permissions, Privileges, and Access Controls
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ABB | 800xA for MOD300 |
Affected:
all versions
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:03:46.099Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121236\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "800xA for MOD300",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insufficient protection of the inter-process communication functions in ABB System 800xA for MOD 300 (all published versions) enables an attacker authenticated on the local system to inject data, allowing reads and writes to the controllers or cause windows processes to crash."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-264",
"description": "CWE-264 Permissions, Privileges, and Access Controls",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-29T01:59:04",
"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"shortName": "ABB"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121236\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "ABB System 800xA Inter process communication vulnerability - 800xA for Mod 300",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@ch.abb.com",
"ID": "CVE-2020-8485",
"STATE": "PUBLIC",
"TITLE": "ABB System 800xA Inter process communication vulnerability - 800xA for Mod 300"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "800xA for MOD300",
"version": {
"version_data": [
{
"version_affected": "undefined",
"version_value": "all versions"
}
]
}
}
]
},
"vendor_name": "ABB"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insufficient protection of the inter-process communication functions in ABB System 800xA for MOD 300 (all published versions) enables an attacker authenticated on the local system to inject data, allowing reads and writes to the controllers or cause windows processes to crash."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-264 Permissions, Privileges, and Access Controls"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121236\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
"refsource": "CONFIRM",
"url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121236\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"assignerShortName": "ABB",
"cveId": "CVE-2020-8485",
"datePublished": "2020-04-29T01:59:04",
"dateReserved": "2020-01-30T00:00:00",
"dateUpdated": "2024-08-04T10:03:46.099Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8484 (GCVE-0-2020-8484)
Vulnerability from nvd – Published: 2020-04-29 01:58 – Updated: 2024-08-04 10:03
VLAI?
Title
ABB System 800xA Inter process communication vulnerability - 800xA for DCI
Summary
Insufficient protection of the inter-process communication functions in ABB System 800xA for DCI (all published versions) enables an attacker authenticated on the local system to inject data, allowing reads and writes to the controllers or cause windows processes to crash.
Severity ?
7.8 (High)
CWE
- CWE-264 - Permissions, Privileges, and Access Controls
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ABB | 800xA for DCI |
Affected:
all versions
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:03:45.932Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121236\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "800xA for DCI",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insufficient protection of the inter-process communication functions in ABB System 800xA for DCI (all published versions) enables an attacker authenticated on the local system to inject data, allowing reads and writes to the controllers or cause windows processes to crash."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-264",
"description": "CWE-264 Permissions, Privileges, and Access Controls",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-29T01:58:57",
"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"shortName": "ABB"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121236\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "ABB System 800xA Inter process communication vulnerability - 800xA for DCI",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@ch.abb.com",
"ID": "CVE-2020-8484",
"STATE": "PUBLIC",
"TITLE": "ABB System 800xA Inter process communication vulnerability - 800xA for DCI"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "800xA for DCI",
"version": {
"version_data": [
{
"version_affected": "undefined",
"version_value": "all versions"
}
]
}
}
]
},
"vendor_name": "ABB"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insufficient protection of the inter-process communication functions in ABB System 800xA for DCI (all published versions) enables an attacker authenticated on the local system to inject data, allowing reads and writes to the controllers or cause windows processes to crash."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-264 Permissions, Privileges, and Access Controls"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121236\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
"refsource": "CONFIRM",
"url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121236\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"assignerShortName": "ABB",
"cveId": "CVE-2020-8484",
"datePublished": "2020-04-29T01:58:57",
"dateReserved": "2020-01-30T00:00:00",
"dateUpdated": "2024-08-04T10:03:45.932Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22277 (GCVE-0-2021-22277)
Vulnerability from cvelistv5 – Published: 2022-04-01 22:17 – Updated: 2024-09-17 01:41
VLAI?
Title
AC 800M MMS - Denial of Service vulnerability in MMS communication
Summary
Improper Input Validation vulnerability in ABB 800xA, Control Software for AC 800M, Control Builder Safe, Compact Product Suite - Control and I/O, ABB Base Software for SoftControl allows an attacker to cause the denial of service.
Severity ?
7.5 (High)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ABB | 800xA, Control Software for AC 800M |
Affected:
5.1.0-0 , < unspecified
(custom)
Affected: unspecified , ≤ 5.1.0-3 (custom) Affected: 5.1.1-0 , < unspecified (custom) Affected: unspecified , ≤ 5.1.1-4 (custom) Affected: 6.0.0-0 , < unspecified (custom) Affected: unspecified , ≤ 6.0.0-3 (custom) Affected: 6.1.0-0 , < unspecified (custom) Affected: unspecified , ≤ 6.1.1-1 (custom) |
|||||||||||||||||
|
|||||||||||||||||||
Credits
ABB thanks the Industrial Control Security Laboratory of Qi An Xin Technology Group Inc. in China for helping to identify the vulnerabilities and protecting our customers.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:37:18.475Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=7PAA001499\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "800xA, Control Software for AC 800M",
"vendor": "ABB",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "5.1.0-0",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.1.0-3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "5.1.1-0",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.1.1-4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "6.0.0-0",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.0.0-3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "6.1.0-0",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.1.1-1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Control Builder Safe",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "1.x"
},
{
"status": "affected",
"version": "2.0"
},
{
"status": "affected",
"version": "3.0"
}
]
},
{
"product": "Compact Product Suite - Control and I/O",
"vendor": "ABB",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "5.1.0-0",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.1.0-3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "5.1.1-0",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.1.1-4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "6.0.0-0",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.0.0-3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "6.1.0-0",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.1.1-1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "ABB Base Software for SoftControl",
"vendor": "ABB",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "5.1.0-0",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.1.0-3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "5.1.1-0",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.1.1-4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "6.0.0-0",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.0.0-3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "6.1.0-0",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.1.1-1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "ABB thanks the Industrial Control Security Laboratory of Qi An Xin Technology Group Inc. in China for helping to identify the vulnerabilities and protecting our customers."
}
],
"datePublic": "2022-02-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Improper Input Validation vulnerability in ABB 800xA, Control Software for AC 800M, Control Builder Safe, Compact Product Suite - Control and I/O, ABB Base Software for SoftControl allows an attacker to cause the denial of service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-01T22:17:43",
"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"shortName": "ABB"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=7PAA001499\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "AC 800M MMS - Denial of Service vulnerability in MMS communication",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@ch.abb.com",
"DATE_PUBLIC": "2022-02-17T10:33:00.000Z",
"ID": "CVE-2021-22277",
"STATE": "PUBLIC",
"TITLE": "AC 800M MMS - Denial of Service vulnerability in MMS communication"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "800xA, Control Software for AC 800M",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "5.1.0-0"
},
{
"version_affected": "\u003c=",
"version_value": "5.1.0-3"
},
{
"version_affected": "\u003e=",
"version_value": "5.1.1-0"
},
{
"version_affected": "\u003c=",
"version_value": "5.1.1-4"
},
{
"version_affected": "\u003e=",
"version_value": "6.0.0-0"
},
{
"version_affected": "\u003c=",
"version_value": "6.0.0-3"
},
{
"version_affected": "\u003e=",
"version_value": "6.1.0-0"
},
{
"version_affected": "\u003c=",
"version_value": "6.1.1-1"
}
]
}
},
{
"product_name": "Control Builder Safe",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.x"
},
{
"version_affected": "=",
"version_value": "2.0"
},
{
"version_affected": "=",
"version_value": "3.0"
}
]
}
},
{
"product_name": "Compact Product Suite - Control and I/O",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "5.1.0-0"
},
{
"version_affected": "\u003c=",
"version_value": "5.1.0-3"
},
{
"version_affected": "\u003e=",
"version_value": "5.1.1-0"
},
{
"version_affected": "\u003c=",
"version_value": "5.1.1-4"
},
{
"version_affected": "\u003e=",
"version_value": "6.0.0-0"
},
{
"version_affected": "\u003c=",
"version_value": "6.0.0-3"
},
{
"version_affected": "\u003e=",
"version_value": "6.1.0-0"
},
{
"version_affected": "\u003c=",
"version_value": "6.1.1-1"
}
]
}
},
{
"product_name": "ABB Base Software for SoftControl",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "5.1.0-0"
},
{
"version_affected": "\u003c=",
"version_value": "5.1.0-3"
},
{
"version_affected": "\u003e=",
"version_value": "5.1.1-0"
},
{
"version_affected": "\u003c=",
"version_value": "5.1.1-4"
},
{
"version_affected": "\u003e=",
"version_value": "6.0.0-0"
},
{
"version_affected": "\u003c=",
"version_value": "6.0.0-3"
},
{
"version_affected": "\u003e=",
"version_value": "6.1.0-0"
},
{
"version_affected": "\u003c=",
"version_value": "6.1.1-1"
}
]
}
}
]
},
"vendor_name": "ABB"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "ABB thanks the Industrial Control Security Laboratory of Qi An Xin Technology Group Inc. in China for helping to identify the vulnerabilities and protecting our customers."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Input Validation vulnerability in ABB 800xA, Control Software for AC 800M, Control Builder Safe, Compact Product Suite - Control and I/O, ABB Base Software for SoftControl allows an attacker to cause the denial of service."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://search.abb.com/library/Download.aspx?DocumentID=7PAA001499\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
"refsource": "MISC",
"url": "https://search.abb.com/library/Download.aspx?DocumentID=7PAA001499\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"assignerShortName": "ABB",
"cveId": "CVE-2021-22277",
"datePublished": "2022-04-01T22:17:43.044264Z",
"dateReserved": "2021-01-05T00:00:00",
"dateUpdated": "2024-09-17T01:41:41.993Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8485 (GCVE-0-2020-8485)
Vulnerability from cvelistv5 – Published: 2020-04-29 01:59 – Updated: 2024-08-04 10:03
VLAI?
Title
ABB System 800xA Inter process communication vulnerability - 800xA for Mod 300
Summary
Insufficient protection of the inter-process communication functions in ABB System 800xA for MOD 300 (all published versions) enables an attacker authenticated on the local system to inject data, allowing reads and writes to the controllers or cause windows processes to crash.
Severity ?
7.8 (High)
CWE
- CWE-264 - Permissions, Privileges, and Access Controls
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ABB | 800xA for MOD300 |
Affected:
all versions
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:03:46.099Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121236\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "800xA for MOD300",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insufficient protection of the inter-process communication functions in ABB System 800xA for MOD 300 (all published versions) enables an attacker authenticated on the local system to inject data, allowing reads and writes to the controllers or cause windows processes to crash."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-264",
"description": "CWE-264 Permissions, Privileges, and Access Controls",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-29T01:59:04",
"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"shortName": "ABB"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121236\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "ABB System 800xA Inter process communication vulnerability - 800xA for Mod 300",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@ch.abb.com",
"ID": "CVE-2020-8485",
"STATE": "PUBLIC",
"TITLE": "ABB System 800xA Inter process communication vulnerability - 800xA for Mod 300"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "800xA for MOD300",
"version": {
"version_data": [
{
"version_affected": "undefined",
"version_value": "all versions"
}
]
}
}
]
},
"vendor_name": "ABB"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insufficient protection of the inter-process communication functions in ABB System 800xA for MOD 300 (all published versions) enables an attacker authenticated on the local system to inject data, allowing reads and writes to the controllers or cause windows processes to crash."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-264 Permissions, Privileges, and Access Controls"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121236\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
"refsource": "CONFIRM",
"url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121236\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"assignerShortName": "ABB",
"cveId": "CVE-2020-8485",
"datePublished": "2020-04-29T01:59:04",
"dateReserved": "2020-01-30T00:00:00",
"dateUpdated": "2024-08-04T10:03:46.099Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8484 (GCVE-0-2020-8484)
Vulnerability from cvelistv5 – Published: 2020-04-29 01:58 – Updated: 2024-08-04 10:03
VLAI?
Title
ABB System 800xA Inter process communication vulnerability - 800xA for DCI
Summary
Insufficient protection of the inter-process communication functions in ABB System 800xA for DCI (all published versions) enables an attacker authenticated on the local system to inject data, allowing reads and writes to the controllers or cause windows processes to crash.
Severity ?
7.8 (High)
CWE
- CWE-264 - Permissions, Privileges, and Access Controls
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ABB | 800xA for DCI |
Affected:
all versions
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:03:45.932Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121236\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "800xA for DCI",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insufficient protection of the inter-process communication functions in ABB System 800xA for DCI (all published versions) enables an attacker authenticated on the local system to inject data, allowing reads and writes to the controllers or cause windows processes to crash."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-264",
"description": "CWE-264 Permissions, Privileges, and Access Controls",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-29T01:58:57",
"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"shortName": "ABB"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121236\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "ABB System 800xA Inter process communication vulnerability - 800xA for DCI",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@ch.abb.com",
"ID": "CVE-2020-8484",
"STATE": "PUBLIC",
"TITLE": "ABB System 800xA Inter process communication vulnerability - 800xA for DCI"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "800xA for DCI",
"version": {
"version_data": [
{
"version_affected": "undefined",
"version_value": "all versions"
}
]
}
}
]
},
"vendor_name": "ABB"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insufficient protection of the inter-process communication functions in ABB System 800xA for DCI (all published versions) enables an attacker authenticated on the local system to inject data, allowing reads and writes to the controllers or cause windows processes to crash."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-264 Permissions, Privileges, and Access Controls"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121236\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
"refsource": "CONFIRM",
"url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121236\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"assignerShortName": "ABB",
"cveId": "CVE-2020-8484",
"datePublished": "2020-04-29T01:58:57",
"dateReserved": "2020-01-30T00:00:00",
"dateUpdated": "2024-08-04T10:03:45.932Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}