Search criteria
11 vulnerabilities found for System 800xA by ABB
CVE-2024-10334 (GCVE-0-2024-10334)
Vulnerability from nvd – Published: 2025-02-10 15:02 – Updated: 2025-02-12 15:44
VLAI?
Title
Camera passwords stored in clear text
Summary
A vulnerability exists in the VideONet product included in the listed System 800xA versions, where VideONet is used.
An attacker who successfully exploited the vulnerability could, in the worst case scenario, stop or manipulate the video feed.
This issue affects System 800xA: 5.1.X; System 800xA: 6.0.3.X; System 800xA: 6.1.1.X; System 800xA: 6.2.X.
Severity ?
CWE
- CWE-256 - Plaintext Storage of a Password
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ABB | System 800xA |
Affected:
5.1.x
(custom)
Affected: 6.0.3.x (custom) Affected: 6.1.1.x (custom) Affected: 6.2.x (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-10334",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-10T15:32:43.860502Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T15:44:32.063Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "System 800xA",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "5.1.x",
"versionType": "custom"
},
{
"status": "affected",
"version": "6.0.3.x",
"versionType": "custom"
},
{
"status": "affected",
"version": "6.1.1.x",
"versionType": "custom"
},
{
"status": "affected",
"version": "6.2.x",
"versionType": "custom"
}
]
}
],
"datePublic": "2025-02-10T05:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability exists in the VideONet product included in the listed System 800xA versions, where VideONet is used.\u0026nbsp;\n\nAn attacker who successfully exploited the vulnerability could, in the worst case scenario, stop or manipulate the video feed.\u003cbr\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eThis issue affects System 800xA: 5.1.X; System 800xA: 6.0.3.X; System 800xA: 6.1.1.X; System 800xA: 6.2.X.\u003c/span\u003e"
}
],
"value": "A vulnerability exists in the VideONet product included in the listed System 800xA versions, where VideONet is used.\u00a0\n\nAn attacker who successfully exploited the vulnerability could, in the worst case scenario, stop or manipulate the video feed.\nThis issue affects System 800xA: 5.1.X; System 800xA: 6.0.3.X; System 800xA: 6.1.1.X; System 800xA: 6.2.X."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "USER",
"Safety": "NEGLIGIBLE",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 7,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:H/SC:N/SI:N/SA:N/S:N/AU:N/R:U/V:D/RE:M",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-256",
"description": "CWE-256: Plaintext Storage of a Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-10T15:02:58.369Z",
"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"shortName": "ABB"
},
"references": [
{
"url": "https://search.abb.com/library/Download.aspx?DocumentID=7PAA012159\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Camera passwords stored in clear text",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"assignerShortName": "ABB",
"cveId": "CVE-2024-10334",
"datePublished": "2025-02-10T15:02:58.369Z",
"dateReserved": "2024-10-24T08:42:37.599Z",
"dateUpdated": "2025-02-12T15:44:32.063Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-10334 (GCVE-0-2024-10334)
Vulnerability from cvelistv5 – Published: 2025-02-10 15:02 – Updated: 2025-02-12 15:44
VLAI?
Title
Camera passwords stored in clear text
Summary
A vulnerability exists in the VideONet product included in the listed System 800xA versions, where VideONet is used.
An attacker who successfully exploited the vulnerability could, in the worst case scenario, stop or manipulate the video feed.
This issue affects System 800xA: 5.1.X; System 800xA: 6.0.3.X; System 800xA: 6.1.1.X; System 800xA: 6.2.X.
Severity ?
CWE
- CWE-256 - Plaintext Storage of a Password
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ABB | System 800xA |
Affected:
5.1.x
(custom)
Affected: 6.0.3.x (custom) Affected: 6.1.1.x (custom) Affected: 6.2.x (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-10334",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-10T15:32:43.860502Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T15:44:32.063Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "System 800xA",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "5.1.x",
"versionType": "custom"
},
{
"status": "affected",
"version": "6.0.3.x",
"versionType": "custom"
},
{
"status": "affected",
"version": "6.1.1.x",
"versionType": "custom"
},
{
"status": "affected",
"version": "6.2.x",
"versionType": "custom"
}
]
}
],
"datePublic": "2025-02-10T05:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability exists in the VideONet product included in the listed System 800xA versions, where VideONet is used.\u0026nbsp;\n\nAn attacker who successfully exploited the vulnerability could, in the worst case scenario, stop or manipulate the video feed.\u003cbr\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eThis issue affects System 800xA: 5.1.X; System 800xA: 6.0.3.X; System 800xA: 6.1.1.X; System 800xA: 6.2.X.\u003c/span\u003e"
}
],
"value": "A vulnerability exists in the VideONet product included in the listed System 800xA versions, where VideONet is used.\u00a0\n\nAn attacker who successfully exploited the vulnerability could, in the worst case scenario, stop or manipulate the video feed.\nThis issue affects System 800xA: 5.1.X; System 800xA: 6.0.3.X; System 800xA: 6.1.1.X; System 800xA: 6.2.X."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "USER",
"Safety": "NEGLIGIBLE",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 7,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:H/SC:N/SI:N/SA:N/S:N/AU:N/R:U/V:D/RE:M",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-256",
"description": "CWE-256: Plaintext Storage of a Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-10T15:02:58.369Z",
"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"shortName": "ABB"
},
"references": [
{
"url": "https://search.abb.com/library/Download.aspx?DocumentID=7PAA012159\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Camera passwords stored in clear text",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"assignerShortName": "ABB",
"cveId": "CVE-2024-10334",
"datePublished": "2025-02-10T15:02:58.369Z",
"dateReserved": "2024-10-24T08:42:37.599Z",
"dateUpdated": "2025-02-12T15:44:32.063Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
VAR-202004-2161
Vulnerability from variot - Updated: 2024-11-23 21:35For the Central Licensing Server component used in ABB products ABB Ability™ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2 Symphony Plus -S+ Engineering 1.1 to 2.2, Composer Harmony 5.1, 6.0 and 6.1, Melody Composer 5.3, 6.1/6.2 and SPE for Melody 1.0SPx (Composer 6.3), Harmony OPC Server (HAOPC) Standalone 6.0, 6.1 and 7.0, ABB Ability™ System 800xA/ Advant® OCS Control Builder A 1.3 and 1.4, Advant® OCS AC100 OPC Server 5.1, 6.0 and 6.1, Composer CTK 6.1 and 6.2, AdvaBuild 3.7 SP1 and SP2, OPCServer for MOD 300 (non-800xA) 1.4, OPC Data Link 2.1 and 2.2, Knowledge Manager 8.0, 9.0 and 9.1, Manufacturing Operations Management 1812 and 1909, ABB AbilityTM SCADAvantage versions 5.1 to 5.6.5. an XML External Entity Injection vulnerability exists that allows an attacker to read or call arbitrary files from the license server and/or from the network and also block the license handling. plural ABB The product is blind XPath An injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. ABB Ability System 800xA and so on are the products of Swiss ABB Company. ABB Ability System 800xA is a distributed control system for industrial control industry. ABB Compact HMI is a monitoring and data acquisition system. ABB Control Builder Safe is an engineering tool for configuring and downloading the AC 800M High Integrity safety application. An input validation error vulnerability exists in the Central Licensing Server component of several ABB products
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-2161",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "800xa system",
"scope": "eq",
"trust": 1.1,
"vendor": "abb",
"version": "5.1"
},
{
"model": "800xa system",
"scope": "eq",
"trust": 1.1,
"vendor": "abb",
"version": "6.0"
},
{
"model": "800xa system",
"scope": "eq",
"trust": 1.1,
"vendor": "abb",
"version": "6.0.1"
},
{
"model": "800xa system",
"scope": "eq",
"trust": 1.1,
"vendor": "abb",
"version": "6.0.3"
},
{
"model": "800xa system",
"scope": "eq",
"trust": 1.1,
"vendor": "abb",
"version": "6.1"
},
{
"model": "compact hmi",
"scope": "eq",
"trust": 1.1,
"vendor": "abb",
"version": "5.1"
},
{
"model": "compact hmi",
"scope": "eq",
"trust": 1.1,
"vendor": "abb",
"version": "6.0.1-1"
},
{
"model": "compact hmi",
"scope": "eq",
"trust": 1.1,
"vendor": "abb",
"version": "6.0.3-2"
},
{
"model": "control builder safe",
"scope": "eq",
"trust": 1.1,
"vendor": "abb",
"version": "1.0"
},
{
"model": "control builder safe",
"scope": "eq",
"trust": 1.1,
"vendor": "abb",
"version": "1.1"
},
{
"model": "control builder safe",
"scope": "eq",
"trust": 1.1,
"vendor": "abb",
"version": "2.0"
},
{
"model": "compact hmi",
"scope": null,
"trust": 0.8,
"vendor": "abb",
"version": null
},
{
"model": "control builder safe",
"scope": null,
"trust": 0.8,
"vendor": "abb",
"version": null
},
{
"model": "system 800xa",
"scope": null,
"trust": 0.8,
"vendor": "abb",
"version": null
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-8479"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005099"
},
{
"db": "NVD",
"id": "CVE-2020-8479"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:abb:compact_hmi",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:abb:control_builder_safe",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:abb:800xa",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005099"
}
]
},
"cve": "CVE-2020-8479",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2020-8479",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2020-005099",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-186604",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2020-8479",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "cybersecurity@ch.abb.com",
"availabilityImpact": "LOW",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2020-8479",
"impactScore": 5.5,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-005099",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-8479",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "cybersecurity@ch.abb.com",
"id": "CVE-2020-8479",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "JVNDB-2020-005099",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-202004-2369",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-186604",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2020-8479",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-186604"
},
{
"db": "VULMON",
"id": "CVE-2020-8479"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005099"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2369"
},
{
"db": "NVD",
"id": "CVE-2020-8479"
},
{
"db": "NVD",
"id": "CVE-2020-8479"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "For the Central Licensing Server component used in ABB products ABB Ability\u2122 System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2 Symphony Plus -S+ Engineering 1.1 to 2.2, Composer Harmony 5.1, 6.0 and 6.1, Melody Composer 5.3, 6.1/6.2 and SPE for Melody 1.0SPx (Composer 6.3), Harmony OPC Server (HAOPC) Standalone 6.0, 6.1 and 7.0, ABB Ability\u2122 System 800xA/ Advant\u00ae OCS Control Builder A 1.3 and 1.4, Advant\u00ae OCS AC100 OPC Server 5.1, 6.0 and 6.1, Composer CTK 6.1 and 6.2, AdvaBuild 3.7 SP1 and SP2, OPCServer for MOD 300 (non-800xA) 1.4, OPC Data Link 2.1 and 2.2, Knowledge Manager 8.0, 9.0 and 9.1, Manufacturing Operations Management 1812 and 1909, ABB AbilityTM SCADAvantage versions 5.1 to 5.6.5. an XML External Entity Injection vulnerability exists that allows an attacker to read or call arbitrary files from the license server and/or from the network and also block the license handling. plural ABB The product is blind XPath An injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. ABB Ability System 800xA and so on are the products of Swiss ABB Company. ABB Ability System 800xA is a distributed control system for industrial control industry. ABB Compact HMI is a monitoring and data acquisition system. ABB Control Builder Safe is an engineering tool for configuring and downloading the AC 800M High Integrity safety application. An input validation error vulnerability exists in the Central Licensing Server component of several ABB products",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-8479"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005099"
},
{
"db": "VULHUB",
"id": "VHN-186604"
},
{
"db": "VULMON",
"id": "CVE-2020-8479"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-8479",
"trust": 2.6
},
{
"db": "ICS CERT",
"id": "ICSA-20-154-04",
"trust": 1.4
},
{
"db": "JVN",
"id": "JVNVU94921886",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005099",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2369",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2020.1926",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-186604",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-8479",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-186604"
},
{
"db": "VULMON",
"id": "CVE-2020-8479"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005099"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2369"
},
{
"db": "NVD",
"id": "CVE-2020-8479"
}
]
},
"id": "VAR-202004-2161",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-186604"
}
],
"trust": 0.66623935
},
"last_update_date": "2024-11-23T21:35:52.083000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SECURITY ABB Central Licensing System Vulnerabilities, impact on System 800xA, Compact HMI and Control Builder Safe",
"trust": 0.8,
"url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121230\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"title": "SECURITY Multiple Vulnerabilities in ABB Central Licensing System",
"trust": 0.8,
"url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121231\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005099"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-91",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-186604"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005099"
},
{
"db": "NVD",
"id": "CVE-2020-8479"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://search.abb.com/library/download.aspx?documentid=2paa121230\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"trust": 1.7,
"url": "https://search.abb.com/library/download.aspx?documentid=2paa121231\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"trust": 1.6,
"url": "https://search.abb.com/library/download.aspx?documentid=3cca2020-003309\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"trust": 1.4,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-154-04"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8479"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-8479"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu94921886/index.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1926/"
},
{
"trust": 0.1,
"url": "https://search.abb.com/library/download.aspx?documentid=2paa121230\u0026amp;languagecode=en\u0026amp;documentpartid=\u0026amp;action=launch"
},
{
"trust": 0.1,
"url": "https://search.abb.com/library/download.aspx?documentid=2paa121231\u0026amp;languagecode=en\u0026amp;documentpartid=\u0026amp;action=launch"
},
{
"trust": 0.1,
"url": "https://search.abb.com/library/download.aspx?documentid=3cca2020-003309\u0026amp;languagecode=en\u0026amp;documentpartid=\u0026amp;action=launch"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/91.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-186604"
},
{
"db": "VULMON",
"id": "CVE-2020-8479"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005099"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2369"
},
{
"db": "NVD",
"id": "CVE-2020-8479"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-186604"
},
{
"db": "VULMON",
"id": "CVE-2020-8479"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005099"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2369"
},
{
"db": "NVD",
"id": "CVE-2020-8479"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-29T00:00:00",
"db": "VULHUB",
"id": "VHN-186604"
},
{
"date": "2020-04-29T00:00:00",
"db": "VULMON",
"id": "CVE-2020-8479"
},
{
"date": "2020-06-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-005099"
},
{
"date": "2020-04-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-2369"
},
{
"date": "2020-04-29T02:15:11.827000",
"db": "NVD",
"id": "CVE-2020-8479"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-28T00:00:00",
"db": "VULHUB",
"id": "VHN-186604"
},
{
"date": "2020-06-09T00:00:00",
"db": "VULMON",
"id": "CVE-2020-8479"
},
{
"date": "2020-06-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-005099"
},
{
"date": "2022-10-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-2369"
},
{
"date": "2024-11-21T05:38:55.193000",
"db": "NVD",
"id": "CVE-2020-8479"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-2369"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural ABB Blinds in the product XPath Injection vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005099"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-2369"
}
],
"trust": 0.6
}
}
VAR-202004-2170
Vulnerability from variot - Updated: 2024-11-23 21:35For the Central Licensing Server component used in ABB products ABB Ability™ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2 Symphony Plus -S+ Engineering 1.1 to 2.2, Composer Harmony 5.1, 6.0 and 6.1, Melody Composer 5.3, 6.1/6.2 and SPE for Melody 1.0SPx (Composer 6.3), Harmony OPC Server (HAOPC) Standalone 6.0, 6.1 and 7.0, ABB Ability™ System 800xA/ Advant® OCS Control Builder A 1.3 and 1.4, Advant® OCS AC100 OPC Server 5.1, 6.0 and 6.1, Composer CTK 6.1 and 6.2, AdvaBuild 3.7 SP1 and SP2, OPCServer for MOD 300 (non-800xA) 1.4, OPC Data Link 2.1 and 2.2, Knowledge Manager 8.0, 9.0 and 9.1, Manufacturing Operations Management 1812 and 1909, weak file permissions allow an authenticated attacker to block the license handling, escalate his/her privileges and execute arbitrary code. plural ABB The product contains a vulnerability related to improper default permissions.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. ABB Ability System 800xA and so on are the products of Swiss ABB (ABB) company. ABB Ability System 800xA is a distributed control system for industrial control industry. ABB Compact HMI is a monitoring and data acquisition system. ABB Control Builder Safe is an engineering tool for configuring and downloading the AC 800M High Integrity safety application. Central Licensing Server is one of the license servers. An input validation error vulnerability exists in the Central Licensing Server component of several ABB products. An attacker could exploit this vulnerability to block license processing, escalate privileges, and execute arbitrary code
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-2170",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "control builder safe",
"scope": "eq",
"trust": 1.0,
"vendor": "abb",
"version": "1.0"
},
{
"model": "800xa system",
"scope": "eq",
"trust": 1.0,
"vendor": "abb",
"version": "5.1"
},
{
"model": "control builder safe",
"scope": "eq",
"trust": 1.0,
"vendor": "abb",
"version": "1.1"
},
{
"model": "compact hmi",
"scope": "eq",
"trust": 1.0,
"vendor": "abb",
"version": "5.1"
},
{
"model": "compact hmi",
"scope": null,
"trust": 0.8,
"vendor": "abb",
"version": null
},
{
"model": "control builder safe",
"scope": null,
"trust": 0.8,
"vendor": "abb",
"version": null
},
{
"model": "system 800xa",
"scope": null,
"trust": 0.8,
"vendor": "abb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005093"
},
{
"db": "NVD",
"id": "CVE-2020-8471"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:abb:compact_hmi",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:abb:control_builder_safe",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:abb:800xa",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005093"
}
]
},
"cve": "CVE-2020-8471",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2020-8471",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 4.6,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2020-005093",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-186596",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2020-8471",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-005093",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-8471",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "cybersecurity@ch.abb.com",
"id": "CVE-2020-8471",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2020-005093",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202004-2367",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-186596",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-8471",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-186596"
},
{
"db": "VULMON",
"id": "CVE-2020-8471"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005093"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2367"
},
{
"db": "NVD",
"id": "CVE-2020-8471"
},
{
"db": "NVD",
"id": "CVE-2020-8471"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "For the Central Licensing Server component used in ABB products ABB Ability\u2122 System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2 Symphony Plus -S+ Engineering 1.1 to 2.2, Composer Harmony 5.1, 6.0 and 6.1, Melody Composer 5.3, 6.1/6.2 and SPE for Melody 1.0SPx (Composer 6.3), Harmony OPC Server (HAOPC) Standalone 6.0, 6.1 and 7.0, ABB Ability\u2122 System 800xA/ Advant\u00ae OCS Control Builder A 1.3 and 1.4, Advant\u00ae OCS AC100 OPC Server 5.1, 6.0 and 6.1, Composer CTK 6.1 and 6.2, AdvaBuild 3.7 SP1 and SP2, OPCServer for MOD 300 (non-800xA) 1.4, OPC Data Link 2.1 and 2.2, Knowledge Manager 8.0, 9.0 and 9.1, Manufacturing Operations Management 1812 and 1909, weak file permissions allow an authenticated attacker to block the license handling, escalate his/her privileges and execute arbitrary code. plural ABB The product contains a vulnerability related to improper default permissions.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. ABB Ability System 800xA and so on are the products of Swiss ABB (ABB) company. ABB Ability System 800xA is a distributed control system for industrial control industry. ABB Compact HMI is a monitoring and data acquisition system. ABB Control Builder Safe is an engineering tool for configuring and downloading the AC 800M High Integrity safety application. Central Licensing Server is one of the license servers. An input validation error vulnerability exists in the Central Licensing Server component of several ABB products. An attacker could exploit this vulnerability to block license processing, escalate privileges, and execute arbitrary code",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-8471"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005093"
},
{
"db": "VULHUB",
"id": "VHN-186596"
},
{
"db": "VULMON",
"id": "CVE-2020-8471"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-8471",
"trust": 2.6
},
{
"db": "ICS CERT",
"id": "ICSA-20-154-04",
"trust": 2.6
},
{
"db": "JVN",
"id": "JVNVU94921886",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005093",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2367",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2020.1926",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-186596",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-8471",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-186596"
},
{
"db": "VULMON",
"id": "CVE-2020-8471"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005093"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2367"
},
{
"db": "NVD",
"id": "CVE-2020-8471"
}
]
},
"id": "VAR-202004-2170",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-186596"
}
],
"trust": 0.66623935
},
"last_update_date": "2024-11-23T21:35:52.055000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SECURITY ABB Central Licensing System Vulnerabilities, impact on System 800xA, Compact HMI and Control Builder Safe",
"trust": 0.8,
"url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121230\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"title": "SECURITY Multiple Vulnerabilities in ABB Central Licensing System",
"trust": 0.8,
"url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121231\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005093"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-276",
"trust": 1.9
},
{
"problemtype": "CWE-275",
"trust": 1.0
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-186596"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005093"
},
{
"db": "NVD",
"id": "CVE-2020-8471"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-154-04"
},
{
"trust": 1.7,
"url": "https://search.abb.com/library/download.aspx?documentid=2paa121230\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"trust": 1.7,
"url": "https://search.abb.com/library/download.aspx?documentid=2paa121231\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8471"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-8471"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu94921886/index.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1926/"
},
{
"trust": 0.1,
"url": "https://search.abb.com/library/download.aspx?documentid=2paa121230\u0026amp;languagecode=en\u0026amp;documentpartid=\u0026amp;action=launch"
},
{
"trust": 0.1,
"url": "https://search.abb.com/library/download.aspx?documentid=2paa121231\u0026amp;languagecode=en\u0026amp;documentpartid=\u0026amp;action=launch"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/276.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-186596"
},
{
"db": "VULMON",
"id": "CVE-2020-8471"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005093"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2367"
},
{
"db": "NVD",
"id": "CVE-2020-8471"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-186596"
},
{
"db": "VULMON",
"id": "CVE-2020-8471"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005093"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2367"
},
{
"db": "NVD",
"id": "CVE-2020-8471"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-29T00:00:00",
"db": "VULHUB",
"id": "VHN-186596"
},
{
"date": "2020-04-29T00:00:00",
"db": "VULMON",
"id": "CVE-2020-8471"
},
{
"date": "2020-06-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-005093"
},
{
"date": "2020-04-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-2367"
},
{
"date": "2020-04-29T02:15:11.530000",
"db": "NVD",
"id": "CVE-2020-8471"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-06-09T00:00:00",
"db": "VULHUB",
"id": "VHN-186596"
},
{
"date": "2020-06-09T00:00:00",
"db": "VULMON",
"id": "CVE-2020-8471"
},
{
"date": "2020-06-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-005093"
},
{
"date": "2020-06-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-2367"
},
{
"date": "2024-11-21T05:38:54.237000",
"db": "NVD",
"id": "CVE-2020-8471"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-2367"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural ABB Inappropriate default permissions in the product",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005093"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-2367"
}
],
"trust": 0.6
}
}
VAR-202004-2164
Vulnerability from variot - Updated: 2024-11-23 21:35Insufficient protection of the inter-process communication functions in ABB System 800xA for MOD 300 (all published versions) enables an attacker authenticated on the local system to inject data, allowing reads and writes to the controllers or cause windows processes to crash. MOD 300 for ABB System 800xA There is an unspecified vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. ABB System 800xA for MOD 300 is a set of distributed control system for MOD 300 of Swiss ABB company
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-2164",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "800xa",
"scope": "eq",
"trust": 1.1,
"vendor": "abb",
"version": "*"
},
{
"model": "system 800xa",
"scope": null,
"trust": 0.8,
"vendor": "abb",
"version": null
},
{
"model": "system 800xa for mod",
"scope": "eq",
"trust": 0.6,
"vendor": "abb",
"version": "300"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "800xa",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "a95fe2e9-2ad9-4397-acee-b75aea6365aa"
},
{
"db": "IVD",
"id": "58f66f62-2f58-4515-806d-a715cbb1ed80"
},
{
"db": "CNVD",
"id": "CNVD-2020-27094"
},
{
"db": "VULMON",
"id": "CVE-2020-8485"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005047"
},
{
"db": "NVD",
"id": "CVE-2020-8485"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:abb:800xa",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005047"
}
]
},
"cve": "CVE-2020-8485",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2020-8485",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 4.6,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2020-005047",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CNVD-2020-27094",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "a95fe2e9-2ad9-4397-acee-b75aea6365aa",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "58f66f62-2f58-4515-806d-a715cbb1ed80",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-186610",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2020-8485",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-005047",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-8485",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "cybersecurity@ch.abb.com",
"id": "CVE-2020-8485",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2020-005047",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-27094",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202004-2372",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "a95fe2e9-2ad9-4397-acee-b75aea6365aa",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "IVD",
"id": "58f66f62-2f58-4515-806d-a715cbb1ed80",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-186610",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-8485",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "a95fe2e9-2ad9-4397-acee-b75aea6365aa"
},
{
"db": "IVD",
"id": "58f66f62-2f58-4515-806d-a715cbb1ed80"
},
{
"db": "CNVD",
"id": "CNVD-2020-27094"
},
{
"db": "VULHUB",
"id": "VHN-186610"
},
{
"db": "VULMON",
"id": "CVE-2020-8485"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005047"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2372"
},
{
"db": "NVD",
"id": "CVE-2020-8485"
},
{
"db": "NVD",
"id": "CVE-2020-8485"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Insufficient protection of the inter-process communication functions in ABB System 800xA for MOD 300 (all published versions) enables an attacker authenticated on the local system to inject data, allowing reads and writes to the controllers or cause windows processes to crash. MOD 300 for ABB System 800xA There is an unspecified vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. ABB System 800xA for MOD 300 is a set of distributed control system for MOD 300 of Swiss ABB company",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-8485"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005047"
},
{
"db": "CNVD",
"id": "CNVD-2020-27094"
},
{
"db": "IVD",
"id": "a95fe2e9-2ad9-4397-acee-b75aea6365aa"
},
{
"db": "IVD",
"id": "58f66f62-2f58-4515-806d-a715cbb1ed80"
},
{
"db": "VULHUB",
"id": "VHN-186610"
},
{
"db": "VULMON",
"id": "CVE-2020-8485"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-8485",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-20-154-03",
"trust": 1.4
},
{
"db": "CNVD",
"id": "CNVD-2020-27094",
"trust": 1.1
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2372",
"trust": 1.1
},
{
"db": "JVN",
"id": "JVNVU94921886",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005047",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2020.1923",
"trust": 0.6
},
{
"db": "IVD",
"id": "A95FE2E9-2AD9-4397-ACEE-B75AEA6365AA",
"trust": 0.2
},
{
"db": "IVD",
"id": "58F66F62-2F58-4515-806D-A715CBB1ED80",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-186610",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-8485",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "a95fe2e9-2ad9-4397-acee-b75aea6365aa"
},
{
"db": "IVD",
"id": "58f66f62-2f58-4515-806d-a715cbb1ed80"
},
{
"db": "CNVD",
"id": "CNVD-2020-27094"
},
{
"db": "VULHUB",
"id": "VHN-186610"
},
{
"db": "VULMON",
"id": "CVE-2020-8485"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005047"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2372"
},
{
"db": "NVD",
"id": "CVE-2020-8485"
}
]
},
"id": "VAR-202004-2164",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "a95fe2e9-2ad9-4397-acee-b75aea6365aa"
},
{
"db": "IVD",
"id": "58f66f62-2f58-4515-806d-a715cbb1ed80"
},
{
"db": "CNVD",
"id": "CNVD-2020-27094"
},
{
"db": "VULHUB",
"id": "VHN-186610"
}
],
"trust": 2.1
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "a95fe2e9-2ad9-4397-acee-b75aea6365aa"
},
{
"db": "IVD",
"id": "58f66f62-2f58-4515-806d-a715cbb1ed80"
},
{
"db": "CNVD",
"id": "CNVD-2020-27094"
}
]
},
"last_update_date": "2024-11-23T21:35:52.014000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SECURITY Interprocess communication vulnerability in System 800xA",
"trust": 0.8,
"url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121236\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005047"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.0
},
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005047"
},
{
"db": "NVD",
"id": "CVE-2020-8485"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8485"
},
{
"trust": 1.7,
"url": "https://search.abb.com/library/download.aspx?documentid=2paa121236\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"trust": 1.4,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-154-03"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-8485"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu94921886/index.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1923/"
},
{
"trust": 0.1,
"url": "https://search.abb.com/library/download.aspx?documentid=2paa121236\u0026amp;languagecode=en\u0026amp;documentpartid=\u0026amp;action=launch"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-27094"
},
{
"db": "VULHUB",
"id": "VHN-186610"
},
{
"db": "VULMON",
"id": "CVE-2020-8485"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005047"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2372"
},
{
"db": "NVD",
"id": "CVE-2020-8485"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "a95fe2e9-2ad9-4397-acee-b75aea6365aa"
},
{
"db": "IVD",
"id": "58f66f62-2f58-4515-806d-a715cbb1ed80"
},
{
"db": "CNVD",
"id": "CNVD-2020-27094"
},
{
"db": "VULHUB",
"id": "VHN-186610"
},
{
"db": "VULMON",
"id": "CVE-2020-8485"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005047"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2372"
},
{
"db": "NVD",
"id": "CVE-2020-8485"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-28T00:00:00",
"db": "IVD",
"id": "a95fe2e9-2ad9-4397-acee-b75aea6365aa"
},
{
"date": "2020-04-28T00:00:00",
"db": "IVD",
"id": "58f66f62-2f58-4515-806d-a715cbb1ed80"
},
{
"date": "2020-05-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-27094"
},
{
"date": "2020-04-29T00:00:00",
"db": "VULHUB",
"id": "VHN-186610"
},
{
"date": "2020-04-29T00:00:00",
"db": "VULMON",
"id": "CVE-2020-8485"
},
{
"date": "2020-06-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-005047"
},
{
"date": "2020-04-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-2372"
},
{
"date": "2020-04-29T02:15:12.203000",
"db": "NVD",
"id": "CVE-2020-8485"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-05-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-27094"
},
{
"date": "2020-05-07T00:00:00",
"db": "VULHUB",
"id": "VHN-186610"
},
{
"date": "2020-05-07T00:00:00",
"db": "VULMON",
"id": "CVE-2020-8485"
},
{
"date": "2020-06-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-005047"
},
{
"date": "2020-06-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-2372"
},
{
"date": "2024-11-21T05:38:55.647000",
"db": "NVD",
"id": "CVE-2020-8485"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-2372"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "MOD 300 for ABB System 800xA Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005047"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-2372"
}
],
"trust": 0.6
}
}
VAR-202004-2160
Vulnerability from variot - Updated: 2024-11-23 21:35Insufficient protection of the inter-process communication functions in ABB System 800xA products OPC Server for AC 800M, MMS Server for AC 800M and Base Software for SoftControl (all published versions) enables an attacker authenticated on the local system to inject data, affecting the online view of runtime data shown in Control Builder. ABB System 800xA OPC Server , MMS Server , Base Software There is an injection vulnerability in.Information may be tampered with. ABB Ability System 800xA is a set of distributed control system for industrial control industry of Swiss ABB company.
ABB System 800xA (all versions) has a vulnerability in permissions and access control issues. Local attackers can use this vulnerability to inject data and affect the runtime data view displayed in Control Builder
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-2160",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "base software",
"scope": "eq",
"trust": 1.1,
"vendor": "abb",
"version": "*"
},
{
"model": "mms server",
"scope": "eq",
"trust": 1.1,
"vendor": "abb",
"version": "*"
},
{
"model": "opc server",
"scope": "eq",
"trust": 1.1,
"vendor": "abb",
"version": "*"
},
{
"model": "basesoftware",
"scope": "eq",
"trust": 0.8,
"vendor": "abb",
"version": "for softcontrol"
},
{
"model": "mmsserver",
"scope": null,
"trust": 0.8,
"vendor": "abb",
"version": null
},
{
"model": "opcserver",
"scope": null,
"trust": 0.8,
"vendor": "abb",
"version": null
},
{
"model": "system 800xa",
"scope": null,
"trust": 0.6,
"vendor": "abb",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "mms server",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "opc server",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "base",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "312dc9a8-3ca7-47ce-9fa3-94e1861c2182"
},
{
"db": "IVD",
"id": "a1528372-cc95-4561-8b06-d005517efc9b"
},
{
"db": "CNVD",
"id": "CNVD-2020-27092"
},
{
"db": "VULMON",
"id": "CVE-2020-8478"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005098"
},
{
"db": "NVD",
"id": "CVE-2020-8478"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:abb:base_software",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:abb:mms_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:abb:opc_server",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005098"
}
]
},
"cve": "CVE-2020-8478",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2020-8478",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 1.1,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 2.1,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-005098",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CNVD-2020-27092",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "312dc9a8-3ca7-47ce-9fa3-94e1861c2182",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "a1528372-cc95-4561-8b06-d005517efc9b",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "VHN-186603",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.8,
"id": "CVE-2020-8478",
"impactScore": 1.4,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "cybersecurity@ch.abb.com",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.8,
"id": "CVE-2020-8478",
"impactScore": 3.4,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.3,
"baseSeverity": "Low",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-005098",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-8478",
"trust": 1.0,
"value": "LOW"
},
{
"author": "cybersecurity@ch.abb.com",
"id": "CVE-2020-8478",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "JVNDB-2020-005098",
"trust": 0.8,
"value": "Low"
},
{
"author": "CNVD",
"id": "CNVD-2020-27092",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202004-2368",
"trust": 0.6,
"value": "LOW"
},
{
"author": "IVD",
"id": "312dc9a8-3ca7-47ce-9fa3-94e1861c2182",
"trust": 0.2,
"value": "LOW"
},
{
"author": "IVD",
"id": "a1528372-cc95-4561-8b06-d005517efc9b",
"trust": 0.2,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-186603",
"trust": 0.1,
"value": "LOW"
},
{
"author": "VULMON",
"id": "CVE-2020-8478",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "312dc9a8-3ca7-47ce-9fa3-94e1861c2182"
},
{
"db": "IVD",
"id": "a1528372-cc95-4561-8b06-d005517efc9b"
},
{
"db": "CNVD",
"id": "CNVD-2020-27092"
},
{
"db": "VULHUB",
"id": "VHN-186603"
},
{
"db": "VULMON",
"id": "CVE-2020-8478"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005098"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2368"
},
{
"db": "NVD",
"id": "CVE-2020-8478"
},
{
"db": "NVD",
"id": "CVE-2020-8478"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Insufficient protection of the inter-process communication functions in ABB System 800xA products OPC Server for AC 800M, MMS Server for AC 800M and Base Software for SoftControl (all published versions) enables an attacker authenticated on the local system to inject data, affecting the online view of runtime data shown in Control Builder. ABB System 800xA OPC Server , MMS Server , Base Software There is an injection vulnerability in.Information may be tampered with. ABB Ability System 800xA is a set of distributed control system for industrial control industry of Swiss ABB company. \n\r\n\r\nABB System 800xA (all versions) has a vulnerability in permissions and access control issues. Local attackers can use this vulnerability to inject data and affect the runtime data view displayed in Control Builder",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-8478"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005098"
},
{
"db": "CNVD",
"id": "CNVD-2020-27092"
},
{
"db": "IVD",
"id": "312dc9a8-3ca7-47ce-9fa3-94e1861c2182"
},
{
"db": "IVD",
"id": "a1528372-cc95-4561-8b06-d005517efc9b"
},
{
"db": "VULHUB",
"id": "VHN-186603"
},
{
"db": "VULMON",
"id": "CVE-2020-8478"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-8478",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-20-154-03",
"trust": 1.4
},
{
"db": "CNVD",
"id": "CNVD-2020-27092",
"trust": 1.1
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2368",
"trust": 1.1
},
{
"db": "JVN",
"id": "JVNVU94921886",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005098",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2020.1923",
"trust": 0.6
},
{
"db": "IVD",
"id": "312DC9A8-3CA7-47CE-9FA3-94E1861C2182",
"trust": 0.2
},
{
"db": "IVD",
"id": "A1528372-CC95-4561-8B06-D005517EFC9B",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-186603",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-8478",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "312dc9a8-3ca7-47ce-9fa3-94e1861c2182"
},
{
"db": "IVD",
"id": "a1528372-cc95-4561-8b06-d005517efc9b"
},
{
"db": "CNVD",
"id": "CNVD-2020-27092"
},
{
"db": "VULHUB",
"id": "VHN-186603"
},
{
"db": "VULMON",
"id": "CVE-2020-8478"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005098"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2368"
},
{
"db": "NVD",
"id": "CVE-2020-8478"
}
]
},
"id": "VAR-202004-2160",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "312dc9a8-3ca7-47ce-9fa3-94e1861c2182"
},
{
"db": "IVD",
"id": "a1528372-cc95-4561-8b06-d005517efc9b"
},
{
"db": "CNVD",
"id": "CNVD-2020-27092"
},
{
"db": "VULHUB",
"id": "VHN-186603"
}
],
"trust": 0.11000000000000001
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "312dc9a8-3ca7-47ce-9fa3-94e1861c2182"
},
{
"db": "IVD",
"id": "a1528372-cc95-4561-8b06-d005517efc9b"
},
{
"db": "CNVD",
"id": "CNVD-2020-27092"
}
]
},
"last_update_date": "2024-11-23T21:35:51.972000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SECURITY Inter process communication vulnerability in System 800xA",
"trust": 0.8,
"url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121236\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005098"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-74",
"trust": 1.9
},
{
"problemtype": "CWE-264",
"trust": 1.0
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-186603"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005098"
},
{
"db": "NVD",
"id": "CVE-2020-8478"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8478"
},
{
"trust": 1.7,
"url": "https://search.abb.com/library/download.aspx?documentid=2paa121236\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"trust": 1.4,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-154-03"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-8478"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu94921886/index.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1923/"
},
{
"trust": 0.1,
"url": "https://search.abb.com/library/download.aspx?documentid=2paa121236\u0026amp;languagecode=en\u0026amp;documentpartid=\u0026amp;action=launch"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/74.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-27092"
},
{
"db": "VULHUB",
"id": "VHN-186603"
},
{
"db": "VULMON",
"id": "CVE-2020-8478"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005098"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2368"
},
{
"db": "NVD",
"id": "CVE-2020-8478"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "312dc9a8-3ca7-47ce-9fa3-94e1861c2182"
},
{
"db": "IVD",
"id": "a1528372-cc95-4561-8b06-d005517efc9b"
},
{
"db": "CNVD",
"id": "CNVD-2020-27092"
},
{
"db": "VULHUB",
"id": "VHN-186603"
},
{
"db": "VULMON",
"id": "CVE-2020-8478"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005098"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2368"
},
{
"db": "NVD",
"id": "CVE-2020-8478"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-28T00:00:00",
"db": "IVD",
"id": "312dc9a8-3ca7-47ce-9fa3-94e1861c2182"
},
{
"date": "2020-04-28T00:00:00",
"db": "IVD",
"id": "a1528372-cc95-4561-8b06-d005517efc9b"
},
{
"date": "2020-05-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-27092"
},
{
"date": "2020-04-29T00:00:00",
"db": "VULHUB",
"id": "VHN-186603"
},
{
"date": "2020-04-29T00:00:00",
"db": "VULMON",
"id": "CVE-2020-8478"
},
{
"date": "2020-06-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-005098"
},
{
"date": "2020-04-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-2368"
},
{
"date": "2020-04-29T02:15:11.763000",
"db": "NVD",
"id": "CVE-2020-8478"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-05-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-27092"
},
{
"date": "2020-05-13T00:00:00",
"db": "VULHUB",
"id": "VHN-186603"
},
{
"date": "2020-05-13T00:00:00",
"db": "VULMON",
"id": "CVE-2020-8478"
},
{
"date": "2020-06-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-005098"
},
{
"date": "2020-06-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-2368"
},
{
"date": "2024-11-21T05:38:55.077000",
"db": "NVD",
"id": "CVE-2020-8478"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-2368"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural ABB System 800xA Product injection vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005098"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "injection",
"sources": [
{
"db": "IVD",
"id": "312dc9a8-3ca7-47ce-9fa3-94e1861c2182"
},
{
"db": "IVD",
"id": "a1528372-cc95-4561-8b06-d005517efc9b"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2368"
}
],
"trust": 1.0
}
}
VAR-202004-2163
Vulnerability from variot - Updated: 2024-11-23 21:35Insufficient protection of the inter-process communication functions in ABB System 800xA for DCI (all published versions) enables an attacker authenticated on the local system to inject data, allowing reads and writes to the controllers or cause windows processes to crash. DCI for ABB System 800xA There is an unspecified vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. ABB System 800xA for DCI is a set of distributed control system for DCI of Swiss ABB company.
ABB System 800xA for DCI (all versions) has a permission permission and access control problem vulnerability
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-2163",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "800xa",
"scope": "eq",
"trust": 1.1,
"vendor": "abb",
"version": "*"
},
{
"model": "system 800xa",
"scope": null,
"trust": 0.8,
"vendor": "abb",
"version": null
},
{
"model": "system 800xa for dci",
"scope": null,
"trust": 0.6,
"vendor": "abb",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "800xa",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "e609a386-f11a-4898-9a3b-e88bbb68e47e"
},
{
"db": "IVD",
"id": "ec013e68-1dd8-40c6-909f-cea3c685a26e"
},
{
"db": "CNVD",
"id": "CNVD-2020-27093"
},
{
"db": "VULMON",
"id": "CVE-2020-8484"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005101"
},
{
"db": "NVD",
"id": "CVE-2020-8484"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:abb:800xa",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005101"
}
]
},
"cve": "CVE-2020-8484",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2020-8484",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 4.6,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2020-005101",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2020-27093",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "e609a386-f11a-4898-9a3b-e88bbb68e47e",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "ec013e68-1dd8-40c6-909f-cea3c685a26e",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-186609",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2020-8484",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-005101",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-8484",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "cybersecurity@ch.abb.com",
"id": "CVE-2020-8484",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2020-005101",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-27093",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202004-2371",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "e609a386-f11a-4898-9a3b-e88bbb68e47e",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "IVD",
"id": "ec013e68-1dd8-40c6-909f-cea3c685a26e",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-186609",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-8484",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e609a386-f11a-4898-9a3b-e88bbb68e47e"
},
{
"db": "IVD",
"id": "ec013e68-1dd8-40c6-909f-cea3c685a26e"
},
{
"db": "CNVD",
"id": "CNVD-2020-27093"
},
{
"db": "VULHUB",
"id": "VHN-186609"
},
{
"db": "VULMON",
"id": "CVE-2020-8484"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005101"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2371"
},
{
"db": "NVD",
"id": "CVE-2020-8484"
},
{
"db": "NVD",
"id": "CVE-2020-8484"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Insufficient protection of the inter-process communication functions in ABB System 800xA for DCI (all published versions) enables an attacker authenticated on the local system to inject data, allowing reads and writes to the controllers or cause windows processes to crash. DCI for ABB System 800xA There is an unspecified vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. ABB System 800xA for DCI is a set of distributed control system for DCI of Swiss ABB company. \n\r\n\r\nABB System 800xA for DCI (all versions) has a permission permission and access control problem vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-8484"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005101"
},
{
"db": "CNVD",
"id": "CNVD-2020-27093"
},
{
"db": "IVD",
"id": "e609a386-f11a-4898-9a3b-e88bbb68e47e"
},
{
"db": "IVD",
"id": "ec013e68-1dd8-40c6-909f-cea3c685a26e"
},
{
"db": "VULHUB",
"id": "VHN-186609"
},
{
"db": "VULMON",
"id": "CVE-2020-8484"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-8484",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-20-154-03",
"trust": 1.4
},
{
"db": "CNVD",
"id": "CNVD-2020-27093",
"trust": 1.1
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2371",
"trust": 1.1
},
{
"db": "JVN",
"id": "JVNVU94921886",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005101",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2020.1923",
"trust": 0.6
},
{
"db": "IVD",
"id": "E609A386-F11A-4898-9A3B-E88BBB68E47E",
"trust": 0.2
},
{
"db": "IVD",
"id": "EC013E68-1DD8-40C6-909F-CEA3C685A26E",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-186609",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-8484",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e609a386-f11a-4898-9a3b-e88bbb68e47e"
},
{
"db": "IVD",
"id": "ec013e68-1dd8-40c6-909f-cea3c685a26e"
},
{
"db": "CNVD",
"id": "CNVD-2020-27093"
},
{
"db": "VULHUB",
"id": "VHN-186609"
},
{
"db": "VULMON",
"id": "CVE-2020-8484"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005101"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2371"
},
{
"db": "NVD",
"id": "CVE-2020-8484"
}
]
},
"id": "VAR-202004-2163",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e609a386-f11a-4898-9a3b-e88bbb68e47e"
},
{
"db": "IVD",
"id": "ec013e68-1dd8-40c6-909f-cea3c685a26e"
},
{
"db": "CNVD",
"id": "CNVD-2020-27093"
},
{
"db": "VULHUB",
"id": "VHN-186609"
}
],
"trust": 2.1
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "e609a386-f11a-4898-9a3b-e88bbb68e47e"
},
{
"db": "IVD",
"id": "ec013e68-1dd8-40c6-909f-cea3c685a26e"
},
{
"db": "CNVD",
"id": "CNVD-2020-27093"
}
]
},
"last_update_date": "2024-11-23T21:35:51.818000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SECURITY Interprocess communication vulnerability in System 800xA",
"trust": 0.8,
"url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121236\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005101"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.0
},
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005101"
},
{
"db": "NVD",
"id": "CVE-2020-8484"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8484"
},
{
"trust": 1.7,
"url": "https://search.abb.com/library/download.aspx?documentid=2paa121236\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"trust": 1.4,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-154-03"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-8484"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu94921886/index.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1923/"
},
{
"trust": 0.1,
"url": "https://search.abb.com/library/download.aspx?documentid=2paa121236\u0026amp;languagecode=en\u0026amp;documentpartid=\u0026amp;action=launch"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-27093"
},
{
"db": "VULHUB",
"id": "VHN-186609"
},
{
"db": "VULMON",
"id": "CVE-2020-8484"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005101"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2371"
},
{
"db": "NVD",
"id": "CVE-2020-8484"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e609a386-f11a-4898-9a3b-e88bbb68e47e"
},
{
"db": "IVD",
"id": "ec013e68-1dd8-40c6-909f-cea3c685a26e"
},
{
"db": "CNVD",
"id": "CNVD-2020-27093"
},
{
"db": "VULHUB",
"id": "VHN-186609"
},
{
"db": "VULMON",
"id": "CVE-2020-8484"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005101"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2371"
},
{
"db": "NVD",
"id": "CVE-2020-8484"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-28T00:00:00",
"db": "IVD",
"id": "e609a386-f11a-4898-9a3b-e88bbb68e47e"
},
{
"date": "2020-04-28T00:00:00",
"db": "IVD",
"id": "ec013e68-1dd8-40c6-909f-cea3c685a26e"
},
{
"date": "2020-05-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-27093"
},
{
"date": "2020-04-29T00:00:00",
"db": "VULHUB",
"id": "VHN-186609"
},
{
"date": "2020-04-29T00:00:00",
"db": "VULMON",
"id": "CVE-2020-8484"
},
{
"date": "2020-06-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-005101"
},
{
"date": "2020-04-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-2371"
},
{
"date": "2020-04-29T02:15:12.013000",
"db": "NVD",
"id": "CVE-2020-8484"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-05-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-27093"
},
{
"date": "2020-05-08T00:00:00",
"db": "VULHUB",
"id": "VHN-186609"
},
{
"date": "2020-05-08T00:00:00",
"db": "VULMON",
"id": "CVE-2020-8484"
},
{
"date": "2020-06-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-005101"
},
{
"date": "2020-06-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-2371"
},
{
"date": "2024-11-21T05:38:55.543000",
"db": "NVD",
"id": "CVE-2020-8484"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-2371"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "DCI for ABB System 800xA Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005101"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-2371"
}
],
"trust": 0.6
}
}
VAR-202004-2162
Vulnerability from variot - Updated: 2024-11-23 21:35For ABB products ABB Ability™ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2 Symphony Plus -S+ Engineering 1.1 to 2.2, Composer Harmony 5.1, 6.0 and 6.1, Melody Composer 5.3, 6.1/6.2 and SPE for Melody 1.0SPx (Composer 6.3), Harmony OPC Server (HAOPC) Standalone 6.0, 6.1 and 7.0, ABB Ability™ System 800xA/ Advant® OCS Control Builder A 1.3 and 1.4, Advant® OCS AC100 OPC Server 5.1, 6.0 and 6.1, Composer CTK 6.1 and 6.2, AdvaBuild 3.7 SP1 and SP2, OPCServer for MOD 300 (non-800xA) 1.4, OPC Data Link 2.1 and 2.2, Knowledge Manager 8.0, 9.0 and 9.1, Manufacturing Operations Management 1812 and 1909, confidential data is written in an unprotected file. An attacker who successfully exploited this vulnerability could take full control of the computer. plural ABB The product contains a vulnerability related to information leakage.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. ABB Ability System 800xA and others are products of Swiss ABB company. ABB Ability System 800xA is a distributed control system for industrial control industry. ABB Compact HMI is a monitoring and data acquisition system. ABB Control Builder Safe is an engineering tool for configuring and downloading the AC 800M High Integrity security application.
There are information disclosure vulnerabilities in many ABB products. The vulnerability stems from programs writing sensitive information to unprotected files
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-2162",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "800xa system",
"scope": "eq",
"trust": 1.1,
"vendor": "abb",
"version": "5.1"
},
{
"model": "system 800xa",
"scope": null,
"trust": 0.8,
"vendor": "abb",
"version": null
},
{
"model": "opcserver for ac800m",
"scope": "lte",
"trust": 0.6,
"vendor": "abb",
"version": "\u003c=6.0"
},
{
"model": "control builder mprofessional",
"scope": "lte",
"trust": 0.6,
"vendor": "abb",
"version": "\u003c=6.0"
},
{
"model": "mmsserver for ac800m",
"scope": "lte",
"trust": 0.6,
"vendor": "abb",
"version": "\u003c=6.0"
},
{
"model": "base software for softcontrol",
"scope": "lte",
"trust": 0.6,
"vendor": "abb",
"version": "\u003c=6.0"
},
{
"model": "ability system 800xa and related system extensions",
"scope": "eq",
"trust": 0.6,
"vendor": "abb",
"version": "5.1"
},
{
"model": "ability system 800xa and related system extensions",
"scope": "eq",
"trust": 0.6,
"vendor": "abb",
"version": "6.0"
},
{
"model": "ability system 800xa and related system extensions",
"scope": "eq",
"trust": 0.6,
"vendor": "abb",
"version": "6.1"
},
{
"model": "compact hmi",
"scope": "eq",
"trust": 0.6,
"vendor": "abb",
"version": "5.1"
},
{
"model": "compact hmi",
"scope": "eq",
"trust": 0.6,
"vendor": "abb",
"version": "6.0"
},
{
"model": "control builder safe",
"scope": "eq",
"trust": 0.6,
"vendor": "abb",
"version": "1.0"
},
{
"model": "control builder safe",
"scope": "eq",
"trust": 0.6,
"vendor": "abb",
"version": "1.1"
},
{
"model": "control builder safe",
"scope": "eq",
"trust": 0.6,
"vendor": "abb",
"version": "2.0"
},
{
"model": "ability symphony plus s+ operations",
"scope": "eq",
"trust": 0.6,
"vendor": "abb",
"version": "-\u003e=3.0,\u003c=3.2"
},
{
"model": "ability symphony plus s+ engineering",
"scope": "eq",
"trust": 0.6,
"vendor": "abb",
"version": "-\u003e=1.1,\u003c=2.2"
},
{
"model": "composer harmony",
"scope": "eq",
"trust": 0.6,
"vendor": "abb",
"version": "5.1"
},
{
"model": "composer harmony",
"scope": "eq",
"trust": 0.6,
"vendor": "abb",
"version": "6.0"
},
{
"model": "composer harmony",
"scope": "eq",
"trust": 0.6,
"vendor": "abb",
"version": "6.1"
},
{
"model": "composer melody",
"scope": "eq",
"trust": 0.6,
"vendor": "abb",
"version": "1.05.3"
},
{
"model": "composer melody",
"scope": "eq",
"trust": 0.6,
"vendor": "abb",
"version": "1.06.1"
},
{
"model": "composer melody",
"scope": "eq",
"trust": 0.6,
"vendor": "abb",
"version": "1.06.2"
},
{
"model": "composer melody",
"scope": "eq",
"trust": 0.6,
"vendor": "abb",
"version": "1.06.3"
},
{
"model": "harmony opc server",
"scope": "eq",
"trust": 0.6,
"vendor": "abb",
"version": "6.0"
},
{
"model": "harmony opc server",
"scope": "eq",
"trust": 0.6,
"vendor": "abb",
"version": "6.1"
},
{
"model": "harmony opc server",
"scope": "eq",
"trust": 0.6,
"vendor": "abb",
"version": "7.0"
},
{
"model": "ability system 800xa advant ocs control builder a",
"scope": "eq",
"trust": 0.6,
"vendor": "abb",
"version": "/1.3"
},
{
"model": "ability system 800xa advant ocs control builder a",
"scope": "eq",
"trust": 0.6,
"vendor": "abb",
"version": "/1.4"
},
{
"model": "advant ocs ac opc server",
"scope": "eq",
"trust": 0.6,
"vendor": "abb",
"version": "1005.1"
},
{
"model": "advant ocs ac opc server",
"scope": "eq",
"trust": 0.6,
"vendor": "abb",
"version": "1006.0"
},
{
"model": "advant ocs ac opc server",
"scope": "eq",
"trust": 0.6,
"vendor": "abb",
"version": "1006.1"
},
{
"model": "composer ctk",
"scope": "eq",
"trust": 0.6,
"vendor": "abb",
"version": "6.1"
},
{
"model": "composer ctk",
"scope": "eq",
"trust": 0.6,
"vendor": "abb",
"version": "6.2"
},
{
"model": "advabuild sp1",
"scope": "eq",
"trust": 0.6,
"vendor": "abb",
"version": "3.7"
},
{
"model": "advabuild sp2",
"scope": "eq",
"trust": 0.6,
"vendor": "abb",
"version": "3.7"
},
{
"model": "opc server mod",
"scope": "eq",
"trust": 0.6,
"vendor": "abb",
"version": "3001.4"
},
{
"model": "opc data link",
"scope": "eq",
"trust": 0.6,
"vendor": "abb",
"version": "2.1"
},
{
"model": "opc data link",
"scope": "eq",
"trust": 0.6,
"vendor": "abb",
"version": "2.2"
},
{
"model": "ability knowledge manager",
"scope": "eq",
"trust": 0.6,
"vendor": "abb",
"version": "8.0"
},
{
"model": "ability knowledge manager",
"scope": "eq",
"trust": 0.6,
"vendor": "abb",
"version": "9.0"
},
{
"model": "ability knowledge manager",
"scope": "eq",
"trust": 0.6,
"vendor": "abb",
"version": "9.1"
},
{
"model": "ability manufacturing operations management",
"scope": "eq",
"trust": 0.6,
"vendor": "abb",
"version": "1812"
},
{
"model": "ability manufacturing operations management",
"scope": "eq",
"trust": 0.6,
"vendor": "abb",
"version": "1909"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-32228"
},
{
"db": "VULMON",
"id": "CVE-2020-8481"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005100"
},
{
"db": "NVD",
"id": "CVE-2020-8481"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:abb:800xa",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005100"
}
]
},
"cve": "CVE-2020-8481",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2020-8481",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2020-005100",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-32228",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-186606",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2020-8481",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-005100",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-8481",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "cybersecurity@ch.abb.com",
"id": "CVE-2020-8481",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "JVNDB-2020-005100",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2020-32228",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202004-2370",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-186606",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2020-8481",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-32228"
},
{
"db": "VULHUB",
"id": "VHN-186606"
},
{
"db": "VULMON",
"id": "CVE-2020-8481"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005100"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2370"
},
{
"db": "NVD",
"id": "CVE-2020-8481"
},
{
"db": "NVD",
"id": "CVE-2020-8481"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "For ABB products ABB Ability\u2122 System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2 Symphony Plus -S+ Engineering 1.1 to 2.2, Composer Harmony 5.1, 6.0 and 6.1, Melody Composer 5.3, 6.1/6.2 and SPE for Melody 1.0SPx (Composer 6.3), Harmony OPC Server (HAOPC) Standalone 6.0, 6.1 and 7.0, ABB Ability\u2122 System 800xA/ Advant\u00ae OCS Control Builder A 1.3 and 1.4, Advant\u00ae OCS AC100 OPC Server 5.1, 6.0 and 6.1, Composer CTK 6.1 and 6.2, AdvaBuild 3.7 SP1 and SP2, OPCServer for MOD 300 (non-800xA) 1.4, OPC Data Link 2.1 and 2.2, Knowledge Manager 8.0, 9.0 and 9.1, Manufacturing Operations Management 1812 and 1909, confidential data is written in an unprotected file. An attacker who successfully exploited this vulnerability could take full control of the computer. plural ABB The product contains a vulnerability related to information leakage.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. ABB Ability System 800xA and others are products of Swiss ABB company. ABB Ability System 800xA is a distributed control system for industrial control industry. ABB Compact HMI is a monitoring and data acquisition system. ABB Control Builder Safe is an engineering tool for configuring and downloading the AC 800M High Integrity security application. \n\r\n\r\nThere are information disclosure vulnerabilities in many ABB products. The vulnerability stems from programs writing sensitive information to unprotected files",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-8481"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005100"
},
{
"db": "CNVD",
"id": "CNVD-2020-32228"
},
{
"db": "VULHUB",
"id": "VHN-186606"
},
{
"db": "VULMON",
"id": "CVE-2020-8481"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-8481",
"trust": 3.2
},
{
"db": "ICS CERT",
"id": "ICSA-20-154-04",
"trust": 2.0
},
{
"db": "JVN",
"id": "JVNVU94921886",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005100",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-32228",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2370",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2020.1926",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-186606",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-8481",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-32228"
},
{
"db": "VULHUB",
"id": "VHN-186606"
},
{
"db": "VULMON",
"id": "CVE-2020-8481"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005100"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2370"
},
{
"db": "NVD",
"id": "CVE-2020-8481"
}
]
},
"id": "VAR-202004-2162",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-32228"
},
{
"db": "VULHUB",
"id": "VHN-186606"
}
],
"trust": 1.619754517368421
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-32228"
}
]
},
"last_update_date": "2024-11-23T21:35:51.739000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SECURITY ABB Central Licensing System Vulnerabilities, impact on System 800xA, Compact HMI and Control Builder Safe",
"trust": 0.8,
"url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121230\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"title": "SECURITY Multiple Vulnerabilities in ABB Central Licensing System",
"trust": 0.8,
"url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121231\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005100"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
},
{
"problemtype": "CWE-922",
"trust": 1.0
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-186606"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005100"
},
{
"db": "NVD",
"id": "CVE-2020-8481"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-154-04"
},
{
"trust": 1.7,
"url": "https://search.abb.com/library/download.aspx?documentid=2paa121230\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"trust": 1.7,
"url": "https://search.abb.com/library/download.aspx?documentid=2paa121231\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8481"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-8481"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu94921886/index.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1926/"
},
{
"trust": 0.1,
"url": "https://search.abb.com/library/download.aspx?documentid=2paa121230\u0026amp;languagecode=en\u0026amp;documentpartid=\u0026amp;action=launch"
},
{
"trust": 0.1,
"url": "https://search.abb.com/library/download.aspx?documentid=2paa121231\u0026amp;languagecode=en\u0026amp;documentpartid=\u0026amp;action=launch"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/200.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-32228"
},
{
"db": "VULHUB",
"id": "VHN-186606"
},
{
"db": "VULMON",
"id": "CVE-2020-8481"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005100"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2370"
},
{
"db": "NVD",
"id": "CVE-2020-8481"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-32228"
},
{
"db": "VULHUB",
"id": "VHN-186606"
},
{
"db": "VULMON",
"id": "CVE-2020-8481"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005100"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2370"
},
{
"db": "NVD",
"id": "CVE-2020-8481"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-06-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-32228"
},
{
"date": "2020-04-29T00:00:00",
"db": "VULHUB",
"id": "VHN-186606"
},
{
"date": "2020-04-29T00:00:00",
"db": "VULMON",
"id": "CVE-2020-8481"
},
{
"date": "2020-06-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-005100"
},
{
"date": "2020-04-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-2370"
},
{
"date": "2020-04-29T02:15:11.907000",
"db": "NVD",
"id": "CVE-2020-8481"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-06-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-32228"
},
{
"date": "2021-09-14T00:00:00",
"db": "VULHUB",
"id": "VHN-186606"
},
{
"date": "2020-05-12T00:00:00",
"db": "VULMON",
"id": "CVE-2020-8481"
},
{
"date": "2020-06-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-005100"
},
{
"date": "2021-09-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-2370"
},
{
"date": "2024-11-21T05:38:55.313000",
"db": "NVD",
"id": "CVE-2020-8481"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-2370"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural ABB Information leakage vulnerabilities in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005100"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-2370"
}
],
"trust": 0.6
}
}
VAR-202004-2157
Vulnerability from variot - Updated: 2024-11-23 21:35For the Central Licensing Server component used in ABB products ABB Ability™ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2 Symphony Plus -S+ Engineering 1.1 to 2.2, Composer Harmony 5.1, 6.0 and 6.1, Melody Composer 5.3, 6.1/6.2 and SPE for Melody 1.0SPx (Composer 6.3), Harmony OPC Server (HAOPC) Standalone 6.0, 6.1 and 7.0, ABB Ability™ System 800xA/ Advant® OCS Control Builder A 1.3 and 1.4, Advant® OCS AC100 OPC Server 5.1, 6.0 and 6.1, Composer CTK 6.1 and 6.2, AdvaBuild 3.7 SP1 and SP2, OPCServer for MOD 300 (non-800xA) 1.4, OPC Data Link 2.1 and 2.2, Knowledge Manager 8.0, 9.0 and 9.1, Manufacturing Operations Management 1812 and 1909, ABB AbilityTM SCADAvantage versions 5.1 to 5.6.5, a weakness in validation of input exists that allows an attacker to block license handling by sending specially crafted messages to the CLS web service. plural ABB The product contains an input verification vulnerability.Service operation interruption (DoS) It may be put into a state. ABB Ability System 800xA and so on are the products of Swiss ABB Company. ABB Ability System 800xA is a distributed control system for industrial control industry. ABB Compact HMI is a monitoring and data acquisition system. ABB Control Builder Safe is an engineering tool for configuring and downloading the AC 800M High Integrity safety application. An input validation error vulnerability exists in the Central Licensing Server component of several ABB products. An attacker could exploit this vulnerability to cause a denial of service
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-2157",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "800xa system",
"scope": "eq",
"trust": 1.0,
"vendor": "abb",
"version": "6.0.1"
},
{
"model": "control builder safe",
"scope": "eq",
"trust": 1.0,
"vendor": "abb",
"version": "2.0"
},
{
"model": "compact hmi",
"scope": "eq",
"trust": 1.0,
"vendor": "abb",
"version": "6.0.1-1"
},
{
"model": "800xa system",
"scope": "eq",
"trust": 1.0,
"vendor": "abb",
"version": "6.0"
},
{
"model": "800xa system",
"scope": "eq",
"trust": 1.0,
"vendor": "abb",
"version": "5.1"
},
{
"model": "800xa system",
"scope": "eq",
"trust": 1.0,
"vendor": "abb",
"version": "6.0.3"
},
{
"model": "compact hmi",
"scope": "eq",
"trust": 1.0,
"vendor": "abb",
"version": "5.1"
},
{
"model": "800xa system",
"scope": "eq",
"trust": 1.0,
"vendor": "abb",
"version": "6.0.3.3"
},
{
"model": "800xa system",
"scope": "eq",
"trust": 1.0,
"vendor": "abb",
"version": "6.1"
},
{
"model": "control builder safe",
"scope": "eq",
"trust": 1.0,
"vendor": "abb",
"version": "1.0"
},
{
"model": "control builder safe",
"scope": "eq",
"trust": 1.0,
"vendor": "abb",
"version": "1.1"
},
{
"model": "compact hmi",
"scope": "eq",
"trust": 1.0,
"vendor": "abb",
"version": "6.0.3-2"
},
{
"model": "compact hmi",
"scope": null,
"trust": 0.8,
"vendor": "abb",
"version": null
},
{
"model": "control builder safe",
"scope": null,
"trust": 0.8,
"vendor": "abb",
"version": null
},
{
"model": "system 800xa",
"scope": null,
"trust": 0.8,
"vendor": "abb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005096"
},
{
"db": "NVD",
"id": "CVE-2020-8475"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:abb:compact_hmi",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:abb:control_builder_safe",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:abb:800xa",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005096"
}
]
},
"cve": "CVE-2020-8475",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2020-8475",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 1.1,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 2.1,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-005096",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "VHN-186600",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2020-8475",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "cybersecurity@ch.abb.com",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2020-8475",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-005096",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-8475",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "cybersecurity@ch.abb.com",
"id": "CVE-2020-8475",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "JVNDB-2020-005096",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202004-2365",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-186600",
"trust": 0.1,
"value": "LOW"
},
{
"author": "VULMON",
"id": "CVE-2020-8475",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-186600"
},
{
"db": "VULMON",
"id": "CVE-2020-8475"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005096"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2365"
},
{
"db": "NVD",
"id": "CVE-2020-8475"
},
{
"db": "NVD",
"id": "CVE-2020-8475"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "For the Central Licensing Server component used in ABB products ABB Ability\u2122 System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2 Symphony Plus -S+ Engineering 1.1 to 2.2, Composer Harmony 5.1, 6.0 and 6.1, Melody Composer 5.3, 6.1/6.2 and SPE for Melody 1.0SPx (Composer 6.3), Harmony OPC Server (HAOPC) Standalone 6.0, 6.1 and 7.0, ABB Ability\u2122 System 800xA/ Advant\u00ae OCS Control Builder A 1.3 and 1.4, Advant\u00ae OCS AC100 OPC Server 5.1, 6.0 and 6.1, Composer CTK 6.1 and 6.2, AdvaBuild 3.7 SP1 and SP2, OPCServer for MOD 300 (non-800xA) 1.4, OPC Data Link 2.1 and 2.2, Knowledge Manager 8.0, 9.0 and 9.1, Manufacturing Operations Management 1812 and 1909, ABB AbilityTM SCADAvantage versions 5.1 to 5.6.5, a weakness in validation of input exists that allows an attacker to block license handling by sending specially crafted messages to the CLS web service. plural ABB The product contains an input verification vulnerability.Service operation interruption (DoS) It may be put into a state. ABB Ability System 800xA and so on are the products of Swiss ABB Company. ABB Ability System 800xA is a distributed control system for industrial control industry. ABB Compact HMI is a monitoring and data acquisition system. ABB Control Builder Safe is an engineering tool for configuring and downloading the AC 800M High Integrity safety application. An input validation error vulnerability exists in the Central Licensing Server component of several ABB products. An attacker could exploit this vulnerability to cause a denial of service",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-8475"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005096"
},
{
"db": "VULHUB",
"id": "VHN-186600"
},
{
"db": "VULMON",
"id": "CVE-2020-8475"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-8475",
"trust": 2.6
},
{
"db": "ICS CERT",
"id": "ICSA-20-154-04",
"trust": 1.5
},
{
"db": "JVN",
"id": "JVNVU94921886",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005096",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2365",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2020.1926",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-186600",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-8475",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-186600"
},
{
"db": "VULMON",
"id": "CVE-2020-8475"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005096"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2365"
},
{
"db": "NVD",
"id": "CVE-2020-8475"
}
]
},
"id": "VAR-202004-2157",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-186600"
}
],
"trust": 0.66623935
},
"last_update_date": "2024-11-23T21:35:51.711000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SECURITY ABB Central Licensing System Vulnerabilities, impact on System 800xA, Compact HMI and Control Builder Safe",
"trust": 0.8,
"url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121230\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"title": "SECURITY Multiple Vulnerabilities in ABB Central Licensing System",
"trust": 0.8,
"url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121231\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005096"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-186600"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005096"
},
{
"db": "NVD",
"id": "CVE-2020-8475"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://search.abb.com/library/download.aspx?documentid=2paa121230\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"trust": 1.7,
"url": "https://search.abb.com/library/download.aspx?documentid=2paa121231\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"trust": 1.6,
"url": "https://search.abb.com/library/download.aspx?documentid=3cca2020-003309\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"trust": 1.5,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-154-04"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8475"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-8475"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu94921886/index.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1926/"
},
{
"trust": 0.1,
"url": "https://search.abb.com/library/download.aspx?documentid=2paa121230\u0026amp;languagecode=en\u0026amp;documentpartid=\u0026amp;action=launch"
},
{
"trust": 0.1,
"url": "https://search.abb.com/library/download.aspx?documentid=2paa121231\u0026amp;languagecode=en\u0026amp;documentpartid=\u0026amp;action=launch"
},
{
"trust": 0.1,
"url": "https://search.abb.com/library/download.aspx?documentid=3cca2020-003309\u0026amp;languagecode=en\u0026amp;documentpartid=\u0026amp;action=launch"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-186600"
},
{
"db": "VULMON",
"id": "CVE-2020-8475"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005096"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2365"
},
{
"db": "NVD",
"id": "CVE-2020-8475"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-186600"
},
{
"db": "VULMON",
"id": "CVE-2020-8475"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005096"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2365"
},
{
"db": "NVD",
"id": "CVE-2020-8475"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-29T00:00:00",
"db": "VULHUB",
"id": "VHN-186600"
},
{
"date": "2020-04-29T00:00:00",
"db": "VULMON",
"id": "CVE-2020-8475"
},
{
"date": "2020-06-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-005096"
},
{
"date": "2020-04-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-2365"
},
{
"date": "2020-04-29T02:15:11.623000",
"db": "NVD",
"id": "CVE-2020-8475"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-28T00:00:00",
"db": "VULHUB",
"id": "VHN-186600"
},
{
"date": "2020-06-09T00:00:00",
"db": "VULMON",
"id": "CVE-2020-8475"
},
{
"date": "2020-06-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-005096"
},
{
"date": "2022-10-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-2365"
},
{
"date": "2024-11-21T05:38:54.707000",
"db": "NVD",
"id": "CVE-2020-8475"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-2365"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural ABB Product input verification vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005096"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-2365"
}
],
"trust": 0.6
}
}
VAR-202004-2158
Vulnerability from variot - Updated: 2024-11-23 21:35For the Central Licensing Server component used in ABB products ABB Ability™ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2 Symphony Plus -S+ Engineering 1.1 to 2.2, Composer Harmony 5.1, 6.0 and 6.1, Melody Composer 5.3, 6.1/6.2 and SPE for Melody 1.0SPx (Composer 6.3), Harmony OPC Server (HAOPC) Standalone 6.0, 6.1 and 7.0, ABB Ability™ System 800xA/ Advant® OCS Control Builder A 1.3 and 1.4, Advant® OCS AC100 OPC Server 5.1, 6.0 and 6.1, Composer CTK 6.1 and 6.2, AdvaBuild 3.7 SP1 and SP2, OPCServer for MOD 300 (non-800xA) 1.4, OPC Data Link 2.1 and 2.2, Knowledge Manager 8.0, 9.0 and 9.1, Manufacturing Operations Management 1812 and 1909, ABB AbilityTM SCADAvantage versions 5.1 to 5.6.5, a weakness in validation of input exists that allows an attacker to alter licenses assigned to the system nodes by sending specially crafted messages to the CLS web service. plural ABB The product contains an input verification vulnerability.Information may be tampered with. ABB Ability System 800xA and so on are the products of Swiss ABB (ABB) company. ABB Ability System 800xA is a distributed control system for industrial control industry. ABB Compact HMI is a monitoring and data acquisition system. ABB Control Builder Safe is an engineering tool for configuring and downloading the AC 800M High Integrity safety application. Central Licensing Server is one of the license servers. An input validation error vulnerability exists in the Central Licensing Server component of several ABB products. An attacker could exploit this vulnerability by sending a specially crafted message to modify the licenses assigned to a system node
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-2158",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "800xa system",
"scope": "eq",
"trust": 1.1,
"vendor": "abb",
"version": "5.1"
},
{
"model": "800xa system",
"scope": "eq",
"trust": 1.1,
"vendor": "abb",
"version": "6.0"
},
{
"model": "800xa system",
"scope": "eq",
"trust": 1.1,
"vendor": "abb",
"version": "6.0.1"
},
{
"model": "800xa system",
"scope": "eq",
"trust": 1.1,
"vendor": "abb",
"version": "6.0.3"
},
{
"model": "800xa system",
"scope": "eq",
"trust": 1.1,
"vendor": "abb",
"version": "6.0.3.3"
},
{
"model": "800xa system",
"scope": "eq",
"trust": 1.1,
"vendor": "abb",
"version": "6.1"
},
{
"model": "compact hmi",
"scope": "eq",
"trust": 1.1,
"vendor": "abb",
"version": "5.1"
},
{
"model": "compact hmi",
"scope": "eq",
"trust": 1.1,
"vendor": "abb",
"version": "6.0.1-1"
},
{
"model": "compact hmi",
"scope": "eq",
"trust": 1.1,
"vendor": "abb",
"version": "6.0.3-2"
},
{
"model": "control builder safe",
"scope": "eq",
"trust": 1.1,
"vendor": "abb",
"version": "1.0"
},
{
"model": "control builder safe",
"scope": "eq",
"trust": 1.1,
"vendor": "abb",
"version": "1.1"
},
{
"model": "control builder safe",
"scope": "eq",
"trust": 1.1,
"vendor": "abb",
"version": "2.0"
},
{
"model": "compact hmi",
"scope": null,
"trust": 0.8,
"vendor": "abb",
"version": null
},
{
"model": "control builder safe",
"scope": null,
"trust": 0.8,
"vendor": "abb",
"version": null
},
{
"model": "system 800xa",
"scope": null,
"trust": 0.8,
"vendor": "abb",
"version": null
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-8476"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005097"
},
{
"db": "NVD",
"id": "CVE-2020-8476"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:abb:compact_hmi",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:abb:control_builder_safe",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:abb:800xa",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005097"
}
]
},
"cve": "CVE-2020-8476",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2020-8476",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-005097",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-186601",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2020-8476",
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "cybersecurity@ch.abb.com",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2020-8476",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-005097",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-8476",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "cybersecurity@ch.abb.com",
"id": "CVE-2020-8476",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "JVNDB-2020-005097",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202004-2366",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-186601",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-8476",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-186601"
},
{
"db": "VULMON",
"id": "CVE-2020-8476"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005097"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2366"
},
{
"db": "NVD",
"id": "CVE-2020-8476"
},
{
"db": "NVD",
"id": "CVE-2020-8476"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "For the Central Licensing Server component used in ABB products ABB Ability\u2122 System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2 Symphony Plus -S+ Engineering 1.1 to 2.2, Composer Harmony 5.1, 6.0 and 6.1, Melody Composer 5.3, 6.1/6.2 and SPE for Melody 1.0SPx (Composer 6.3), Harmony OPC Server (HAOPC) Standalone 6.0, 6.1 and 7.0, ABB Ability\u2122 System 800xA/ Advant\u00ae OCS Control Builder A 1.3 and 1.4, Advant\u00ae OCS AC100 OPC Server 5.1, 6.0 and 6.1, Composer CTK 6.1 and 6.2, AdvaBuild 3.7 SP1 and SP2, OPCServer for MOD 300 (non-800xA) 1.4, OPC Data Link 2.1 and 2.2, Knowledge Manager 8.0, 9.0 and 9.1, Manufacturing Operations Management 1812 and 1909, ABB AbilityTM SCADAvantage versions 5.1 to 5.6.5, a weakness in validation of input exists that allows an attacker to alter licenses assigned to the system nodes by sending specially crafted messages to the CLS web service. plural ABB The product contains an input verification vulnerability.Information may be tampered with. ABB Ability System 800xA and so on are the products of Swiss ABB (ABB) company. ABB Ability System 800xA is a distributed control system for industrial control industry. ABB Compact HMI is a monitoring and data acquisition system. ABB Control Builder Safe is an engineering tool for configuring and downloading the AC 800M High Integrity safety application. Central Licensing Server is one of the license servers. An input validation error vulnerability exists in the Central Licensing Server component of several ABB products. An attacker could exploit this vulnerability by sending a specially crafted message to modify the licenses assigned to a system node",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-8476"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005097"
},
{
"db": "VULHUB",
"id": "VHN-186601"
},
{
"db": "VULMON",
"id": "CVE-2020-8476"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-8476",
"trust": 2.6
},
{
"db": "ICS CERT",
"id": "ICSA-20-154-04",
"trust": 1.4
},
{
"db": "JVN",
"id": "JVNVU94921886",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005097",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2366",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2020.1926",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-186601",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-8476",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-186601"
},
{
"db": "VULMON",
"id": "CVE-2020-8476"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005097"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2366"
},
{
"db": "NVD",
"id": "CVE-2020-8476"
}
]
},
"id": "VAR-202004-2158",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-186601"
}
],
"trust": 0.66623935
},
"last_update_date": "2024-11-23T21:35:51.598000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SECURITY ABB Central Licensing System Vulnerabilities, impact on System 800xA, Compact HMI and Control Builder Safe",
"trust": 0.8,
"url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121230\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"title": "SECURITY Multiple Vulnerabilities in ABB Central Licensing System",
"trust": 0.8,
"url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121231\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005097"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-186601"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005097"
},
{
"db": "NVD",
"id": "CVE-2020-8476"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://search.abb.com/library/download.aspx?documentid=2paa121230\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"trust": 1.7,
"url": "https://search.abb.com/library/download.aspx?documentid=2paa121231\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"trust": 1.6,
"url": "https://search.abb.com/library/download.aspx?documentid=3cca2020-003309\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"trust": 1.4,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-154-04"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8476"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-8476"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu94921886/index.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1926/"
},
{
"trust": 0.1,
"url": "https://search.abb.com/library/download.aspx?documentid=2paa121230\u0026amp;languagecode=en\u0026amp;documentpartid=\u0026amp;action=launch"
},
{
"trust": 0.1,
"url": "https://search.abb.com/library/download.aspx?documentid=2paa121231\u0026amp;languagecode=en\u0026amp;documentpartid=\u0026amp;action=launch"
},
{
"trust": 0.1,
"url": "https://search.abb.com/library/download.aspx?documentid=3cca2020-003309\u0026amp;languagecode=en\u0026amp;documentpartid=\u0026amp;action=launch"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-186601"
},
{
"db": "VULMON",
"id": "CVE-2020-8476"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005097"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2366"
},
{
"db": "NVD",
"id": "CVE-2020-8476"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-186601"
},
{
"db": "VULMON",
"id": "CVE-2020-8476"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005097"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2366"
},
{
"db": "NVD",
"id": "CVE-2020-8476"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-29T00:00:00",
"db": "VULHUB",
"id": "VHN-186601"
},
{
"date": "2020-04-29T00:00:00",
"db": "VULMON",
"id": "CVE-2020-8476"
},
{
"date": "2020-06-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-005097"
},
{
"date": "2020-04-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-2366"
},
{
"date": "2020-04-29T02:15:11.687000",
"db": "NVD",
"id": "CVE-2020-8476"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-28T00:00:00",
"db": "VULHUB",
"id": "VHN-186601"
},
{
"date": "2020-06-09T00:00:00",
"db": "VULMON",
"id": "CVE-2020-8476"
},
{
"date": "2020-06-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-005097"
},
{
"date": "2022-10-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-2366"
},
{
"date": "2024-11-21T05:38:54.843000",
"db": "NVD",
"id": "CVE-2020-8476"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-2366"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural ABB Product input verification vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005097"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-2366"
}
],
"trust": 0.6
}
}
VAR-202204-1451
Vulnerability from variot - Updated: 2024-08-14 13:22Improper Input Validation vulnerability in ABB 800xA, Control Software for AC 800M, Control Builder Safe, Compact Product Suite - Control and I/O, ABB Base Software for SoftControl allows an attacker to cause the denial of service. System 800xA , BaseSoftware , compact product suite etc. multiple ABB The product contains an input validation vulnerability.Service operation interruption (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202204-1451",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "compact product suite",
"scope": "gte",
"trust": 1.0,
"vendor": "abb",
"version": "6.1.0-0"
},
{
"model": "compact product suite",
"scope": "gte",
"trust": 1.0,
"vendor": "abb",
"version": "5.1.1-0"
},
{
"model": "compact product suite",
"scope": "lte",
"trust": 1.0,
"vendor": "abb",
"version": "6.0.0-3"
},
{
"model": "800xa",
"scope": "lte",
"trust": 1.0,
"vendor": "abb",
"version": "5.1.0-3"
},
{
"model": "compact product suite",
"scope": "lte",
"trust": 1.0,
"vendor": "abb",
"version": "5.1.1-4"
},
{
"model": "base software",
"scope": "gte",
"trust": 1.0,
"vendor": "abb",
"version": "6.0.0-0"
},
{
"model": "compact product suite",
"scope": "gte",
"trust": 1.0,
"vendor": "abb",
"version": "6.0.0-0"
},
{
"model": "800xa",
"scope": "gte",
"trust": 1.0,
"vendor": "abb",
"version": "6.1.0-0"
},
{
"model": "800xa",
"scope": "gte",
"trust": 1.0,
"vendor": "abb",
"version": "5.1.1-0"
},
{
"model": "base software",
"scope": "lte",
"trust": 1.0,
"vendor": "abb",
"version": "5.1.0-3"
},
{
"model": "base software",
"scope": "gte",
"trust": 1.0,
"vendor": "abb",
"version": "5.1.0-0"
},
{
"model": "800xa",
"scope": "lte",
"trust": 1.0,
"vendor": "abb",
"version": "5.1.1-4"
},
{
"model": "compact product suite",
"scope": "gte",
"trust": 1.0,
"vendor": "abb",
"version": "5.1.0-0"
},
{
"model": "base software",
"scope": "lte",
"trust": 1.0,
"vendor": "abb",
"version": "6.1.1-1"
},
{
"model": "800xa",
"scope": "gte",
"trust": 1.0,
"vendor": "abb",
"version": "6.0.0-0"
},
{
"model": "800xa",
"scope": "lt",
"trust": 1.0,
"vendor": "abb",
"version": "6.0.0-4"
},
{
"model": "base software",
"scope": "lte",
"trust": 1.0,
"vendor": "abb",
"version": "6.0.0-3"
},
{
"model": "800xa",
"scope": "gte",
"trust": 1.0,
"vendor": "abb",
"version": "5.1.0-0"
},
{
"model": "control builder safe",
"scope": "lt",
"trust": 1.0,
"vendor": "abb",
"version": "3.0"
},
{
"model": "800xa",
"scope": "lt",
"trust": 1.0,
"vendor": "abb",
"version": "6.1.1-2"
},
{
"model": "base software",
"scope": "lte",
"trust": 1.0,
"vendor": "abb",
"version": "5.1.1-4"
},
{
"model": "compact product suite",
"scope": "lte",
"trust": 1.0,
"vendor": "abb",
"version": "5.1.0-3"
},
{
"model": "base software",
"scope": "gte",
"trust": 1.0,
"vendor": "abb",
"version": "5.1.1-0"
},
{
"model": "compact product suite",
"scope": "lte",
"trust": 1.0,
"vendor": "abb",
"version": "6.1.1-1"
},
{
"model": "base software",
"scope": "gte",
"trust": 1.0,
"vendor": "abb",
"version": "6.1.0-0"
},
{
"model": "control builder safe",
"scope": null,
"trust": 0.8,
"vendor": "abb",
"version": null
},
{
"model": "system 800xa",
"scope": null,
"trust": 0.8,
"vendor": "abb",
"version": null
},
{
"model": "compact product suite",
"scope": null,
"trust": 0.8,
"vendor": "abb",
"version": null
},
{
"model": "basesoftware",
"scope": null,
"trust": 0.8,
"vendor": "abb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-019223"
},
{
"db": "NVD",
"id": "CVE-2021-22277"
}
]
},
"cve": "CVE-2021-22277",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2021-22277",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-380712",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2021-22277",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2021-22277",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-22277",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "cybersecurity@ch.abb.com",
"id": "CVE-2021-22277",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-22277",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202204-1832",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-380712",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-380712"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019223"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-1832"
},
{
"db": "NVD",
"id": "CVE-2021-22277"
},
{
"db": "NVD",
"id": "CVE-2021-22277"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Improper Input Validation vulnerability in ABB 800xA, Control Software for AC 800M, Control Builder Safe, Compact Product Suite - Control and I/O, ABB Base Software for SoftControl allows an attacker to cause the denial of service. System 800xA , BaseSoftware , compact product suite etc. multiple ABB The product contains an input validation vulnerability.Service operation interruption (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-22277"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019223"
},
{
"db": "VULHUB",
"id": "VHN-380712"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-22277",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019223",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202204-1832",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-380712",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-380712"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019223"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-1832"
},
{
"db": "NVD",
"id": "CVE-2021-22277"
}
]
},
"id": "VAR-202204-1451",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-380712"
}
],
"trust": 0.6769231
},
"last_update_date": "2024-08-14T13:22:23.746000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ABB System 800xA Base Enter the fix for the verification error vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=188574"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202204-1832"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.1
},
{
"problemtype": "Inappropriate input confirmation (CWE-20) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-380712"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019223"
},
{
"db": "NVD",
"id": "CVE-2021-22277"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://search.abb.com/library/download.aspx?documentid=7paa001499\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22277"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2021-22277/"
},
{
"trust": 0.1,
"url": "https://search.abb.com/library/download.aspx?documentid=7paa001499\u0026amp;languagecode=en\u0026amp;documentpartid=\u0026amp;action=launch"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-380712"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019223"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-1832"
},
{
"db": "NVD",
"id": "CVE-2021-22277"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-380712"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019223"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-1832"
},
{
"db": "NVD",
"id": "CVE-2021-22277"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-04-01T00:00:00",
"db": "VULHUB",
"id": "VHN-380712"
},
{
"date": "2023-07-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-019223"
},
{
"date": "2022-04-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202204-1832"
},
{
"date": "2022-04-01T23:15:08.833000",
"db": "NVD",
"id": "CVE-2021-22277"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-04-11T00:00:00",
"db": "VULHUB",
"id": "VHN-380712"
},
{
"date": "2023-07-19T08:30:00",
"db": "JVNDB",
"id": "JVNDB-2021-019223"
},
{
"date": "2022-04-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202204-1832"
},
{
"date": "2022-04-11T14:54:51.233000",
"db": "NVD",
"id": "CVE-2021-22277"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202204-1832"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0ABB\u00a0 Product input verification vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-019223"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202204-1832"
}
],
"trust": 0.6
}
}