Search

Find a vulnerability

Search criteria

    9 vulnerabilities found for System 800xA Base by ABB

    VAR-202004-2173

    Vulnerability from variot - Updated: 2024-11-23 21:35

    Weak Registry permissions in ABB System 800xA Base allow low privileged users to read and modify registry settings related to control system functionality, allowing an authenticated attacker to cause system functions to stop or malfunction. ABB System 800xA Information Manager Exists in a privilege management vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. ABB System 800xA Base is a set of distributed control system for industrial control industry of Swiss ABB company.

    ABB System 800xA Base has an authorization vulnerability

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202004-2173",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "system 800xa base",
            "scope": null,
            "trust": 1.4,
            "vendor": "abb",
            "version": null
          },
          {
            "model": "800xa base system",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "abb",
            "version": "6.0.0"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "800xa base system",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "cbc79f2c-47b2-40ab-abf7-0014b91b5eca"
          },
          {
            "db": "IVD",
            "id": "e72c0533-0499-4461-92e0-ebce5e995817"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-25012"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-004734"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-8474"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:abb:800xa_base_system",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-004734"
          }
        ]
      },
      "cve": "CVE-2020-8474",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.6,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "CVE-2020-8474",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Local",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 4.6,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-004734",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2020-25012",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "cbc79f2c-47b2-40ab-abf7-0014b91b5eca",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "e72c0533-0499-4461-92e0-ebce5e995817",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.6,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "VHN-186599",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2020-8474",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-004734",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2020-8474",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "cybersecurity@ch.abb.com",
                "id": "CVE-2020-8474",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2020-004734",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-25012",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202004-1905",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "cbc79f2c-47b2-40ab-abf7-0014b91b5eca",
                "trust": 0.2,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "e72c0533-0499-4461-92e0-ebce5e995817",
                "trust": 0.2,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-186599",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "cbc79f2c-47b2-40ab-abf7-0014b91b5eca"
          },
          {
            "db": "IVD",
            "id": "e72c0533-0499-4461-92e0-ebce5e995817"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-25012"
          },
          {
            "db": "VULHUB",
            "id": "VHN-186599"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-004734"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1905"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-8474"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-8474"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Weak Registry permissions in ABB System 800xA Base allow low privileged users to read and modify registry settings related to control system functionality, allowing an authenticated attacker to cause system functions to stop or malfunction. ABB System 800xA Information Manager Exists in a privilege management vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. ABB System 800xA Base is a set of distributed control system for industrial control industry of Swiss ABB company. \n\r\n\r\nABB System 800xA Base has an authorization vulnerability",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-8474"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-004734"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-25012"
          },
          {
            "db": "IVD",
            "id": "cbc79f2c-47b2-40ab-abf7-0014b91b5eca"
          },
          {
            "db": "IVD",
            "id": "e72c0533-0499-4461-92e0-ebce5e995817"
          },
          {
            "db": "VULHUB",
            "id": "VHN-186599"
          }
        ],
        "trust": 2.61
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2020-8474",
            "trust": 3.5
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-20-154-02",
            "trust": 1.4
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1905",
            "trust": 1.1
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-25012",
            "trust": 1.0
          },
          {
            "db": "JVN",
            "id": "JVNVU94921886",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-004734",
            "trust": 0.8
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.1922",
            "trust": 0.6
          },
          {
            "db": "IVD",
            "id": "CBC79F2C-47B2-40AB-ABF7-0014B91B5ECA",
            "trust": 0.2
          },
          {
            "db": "IVD",
            "id": "E72C0533-0499-4461-92E0-EBCE5E995817",
            "trust": 0.2
          },
          {
            "db": "VULHUB",
            "id": "VHN-186599",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "cbc79f2c-47b2-40ab-abf7-0014b91b5eca"
          },
          {
            "db": "IVD",
            "id": "e72c0533-0499-4461-92e0-ebce5e995817"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-25012"
          },
          {
            "db": "VULHUB",
            "id": "VHN-186599"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-004734"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1905"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-8474"
          }
        ]
      },
      "id": "VAR-202004-2173",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "cbc79f2c-47b2-40ab-abf7-0014b91b5eca"
          },
          {
            "db": "IVD",
            "id": "e72c0533-0499-4461-92e0-ebce5e995817"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-25012"
          },
          {
            "db": "VULHUB",
            "id": "VHN-186599"
          }
        ],
        "trust": 1.7666667
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "cbc79f2c-47b2-40ab-abf7-0014b91b5eca"
          },
          {
            "db": "IVD",
            "id": "e72c0533-0499-4461-92e0-ebce5e995817"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-25012"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:35:51.858000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "SECURITY System 800xA Weak Registry Permissions",
            "trust": 0.8,
            "url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121221\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
          },
          {
            "title": "Patch for ABB System 800xA Base authorization issue vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/215501"
          },
          {
            "title": "ABB System 800xA Base Remediation measures for authorization problem vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117005"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-25012"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-004734"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1905"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-269",
            "trust": 1.9
          },
          {
            "problemtype": "CWE-275",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-186599"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-004734"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-8474"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.0,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8474"
          },
          {
            "trust": 1.6,
            "url": "https://search.abb.com/library/download.aspx?documentid=2paa121221\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
          },
          {
            "trust": 1.4,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-154-02"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-8474"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu94921886/index.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.1922/"
          },
          {
            "trust": 0.1,
            "url": "https://search.abb.com/library/download.aspx?documentid=2paa121221\u0026amp;languagecode=en\u0026amp;documentpartid=\u0026amp;action=launch"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-25012"
          },
          {
            "db": "VULHUB",
            "id": "VHN-186599"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-004734"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1905"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-8474"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "cbc79f2c-47b2-40ab-abf7-0014b91b5eca"
          },
          {
            "db": "IVD",
            "id": "e72c0533-0499-4461-92e0-ebce5e995817"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-25012"
          },
          {
            "db": "VULHUB",
            "id": "VHN-186599"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-004734"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1905"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-8474"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-04-22T00:00:00",
            "db": "IVD",
            "id": "cbc79f2c-47b2-40ab-abf7-0014b91b5eca"
          },
          {
            "date": "2020-04-22T00:00:00",
            "db": "IVD",
            "id": "e72c0533-0499-4461-92e0-ebce5e995817"
          },
          {
            "date": "2020-04-26T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-25012"
          },
          {
            "date": "2020-04-22T00:00:00",
            "db": "VULHUB",
            "id": "VHN-186599"
          },
          {
            "date": "2020-05-26T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-004734"
          },
          {
            "date": "2020-04-22T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202004-1905"
          },
          {
            "date": "2020-04-22T15:15:14.643000",
            "db": "NVD",
            "id": "CVE-2020-8474"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-04-26T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-25012"
          },
          {
            "date": "2020-04-30T00:00:00",
            "db": "VULHUB",
            "id": "VHN-186599"
          },
          {
            "date": "2020-06-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-004734"
          },
          {
            "date": "2020-06-04T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202004-1905"
          },
          {
            "date": "2024-11-21T05:38:54.607000",
            "db": "NVD",
            "id": "CVE-2020-8474"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1905"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "ABB System 800xA Base Authorization Issue Vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "cbc79f2c-47b2-40ab-abf7-0014b91b5eca"
          },
          {
            "db": "IVD",
            "id": "e72c0533-0499-4461-92e0-ebce5e995817"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-25012"
          }
        ],
        "trust": 1.0
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "authorization issue",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-1905"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202004-2172

    Vulnerability from variot - Updated: 2024-11-23 21:35

    Insufficient folder permissions used by system functions in ABB System 800xA Base (version 6.1 and earlier) allow low privileged users to read, modify, add and delete system and application files. An authenticated attacker who successfully exploit the vulnerabilities could escalate his/her privileges, cause system functions to stop and to corrupt user applications. ABB System 800xA Base Includes a vulnerability in improper permission assignment for critical resources.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. ABB System 800xA Base is a set of distributed control system for industrial control industry of Swiss ABB company.

    ABB System 800xA Base 6.1 and previous versions have security vulnerabilities. Attackers can use this vulnerability to elevate permissions. Cause the system function to terminate and destroy the user's application program

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202004-2172",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "800xa base system",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "abb",
            "version": "6.1"
          },
          {
            "model": "system 800xa base",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "abb",
            "version": "6.1"
          },
          {
            "model": "system 800xa base",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "abb",
            "version": "\u003c=6.1"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "800xa base system",
            "version": "*"
          },
          {
            "model": "800xa base system",
            "scope": "eq",
            "trust": 0.1,
            "vendor": "abb",
            "version": "6.1"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "266576f9-6cf9-474f-b47e-933ff53bbb24"
          },
          {
            "db": "IVD",
            "id": "aeb8befa-f856-4630-bb56-dfcfb9dfb96a"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-27099"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-8473"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-005095"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-8473"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:abb:800xa_base_system",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-005095"
          }
        ]
      },
      "cve": "CVE-2020-8473",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "CVE-2020-8473",
                "impactScore": 9.5,
                "integrityImpact": "COMPLETE",
                "severity": "MEDIUM",
                "trust": 1.1,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Local",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 6.8,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-005095",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2020-27099",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "266576f9-6cf9-474f-b47e-933ff53bbb24",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "aeb8befa-f856-4630-bb56-dfcfb9dfb96a",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "VHN-186598",
                "impactScore": 9.5,
                "integrityImpact": "COMPLETE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:L/AC:L/AU:N/C:P/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2020-8473",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "cybersecurity@ch.abb.com",
                "availabilityImpact": "HIGH",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.3,
                "id": "CVE-2020-8473",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-005095",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2020-8473",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "cybersecurity@ch.abb.com",
                "id": "CVE-2020-8473",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2020-005095",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-27099",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202004-2360",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "266576f9-6cf9-474f-b47e-933ff53bbb24",
                "trust": 0.2,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "aeb8befa-f856-4630-bb56-dfcfb9dfb96a",
                "trust": 0.2,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-186598",
                "trust": 0.1,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2020-8473",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "266576f9-6cf9-474f-b47e-933ff53bbb24"
          },
          {
            "db": "IVD",
            "id": "aeb8befa-f856-4630-bb56-dfcfb9dfb96a"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-27099"
          },
          {
            "db": "VULHUB",
            "id": "VHN-186598"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-8473"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-005095"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-2360"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-8473"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-8473"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Insufficient folder permissions used by system functions in ABB System 800xA Base (version 6.1 and earlier) allow low privileged users to read, modify, add and delete system and application files. An authenticated attacker who successfully exploit the vulnerabilities could escalate his/her privileges, cause system functions to stop and to corrupt user applications. ABB System 800xA Base Includes a vulnerability in improper permission assignment for critical resources.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. ABB System 800xA Base is a set of distributed control system for industrial control industry of Swiss ABB company. \n\r\n\r\nABB System 800xA Base 6.1 and previous versions have security vulnerabilities. Attackers can use this vulnerability to elevate permissions. Cause the system function to terminate and destroy the user\u0027s application program",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-8473"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-005095"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-27099"
          },
          {
            "db": "IVD",
            "id": "266576f9-6cf9-474f-b47e-933ff53bbb24"
          },
          {
            "db": "IVD",
            "id": "aeb8befa-f856-4630-bb56-dfcfb9dfb96a"
          },
          {
            "db": "VULHUB",
            "id": "VHN-186598"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-8473"
          }
        ],
        "trust": 2.7
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2020-8473",
            "trust": 3.6
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-20-154-01",
            "trust": 1.4
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-27099",
            "trust": 1.1
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-2360",
            "trust": 1.1
          },
          {
            "db": "JVN",
            "id": "JVNVU94921886",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-005095",
            "trust": 0.8
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.1921",
            "trust": 0.6
          },
          {
            "db": "IVD",
            "id": "266576F9-6CF9-474F-B47E-933FF53BBB24",
            "trust": 0.2
          },
          {
            "db": "IVD",
            "id": "AEB8BEFA-F856-4630-BB56-DFCFB9DFB96A",
            "trust": 0.2
          },
          {
            "db": "VULHUB",
            "id": "VHN-186598",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-8473",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "266576f9-6cf9-474f-b47e-933ff53bbb24"
          },
          {
            "db": "IVD",
            "id": "aeb8befa-f856-4630-bb56-dfcfb9dfb96a"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-27099"
          },
          {
            "db": "VULHUB",
            "id": "VHN-186598"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-8473"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-005095"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-2360"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-8473"
          }
        ]
      },
      "id": "VAR-202004-2172",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "266576f9-6cf9-474f-b47e-933ff53bbb24"
          },
          {
            "db": "IVD",
            "id": "aeb8befa-f856-4630-bb56-dfcfb9dfb96a"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-27099"
          },
          {
            "db": "VULHUB",
            "id": "VHN-186598"
          }
        ],
        "trust": 1.7666667
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "266576f9-6cf9-474f-b47e-933ff53bbb24"
          },
          {
            "db": "IVD",
            "id": "aeb8befa-f856-4630-bb56-dfcfb9dfb96a"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-27099"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:35:51.775000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "SECURITY System 800xA Weak File Permissions",
            "trust": 0.8,
            "url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121106\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
          },
          {
            "title": "Patch for ABB System 800xA Base has an unknown vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/216657"
          },
          {
            "title": "ABB System 800xA Base Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117446"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-27099"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-005095"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-2360"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-732",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-186598"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-005095"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-8473"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.0,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8473"
          },
          {
            "trust": 1.7,
            "url": "https://search.abb.com/library/download.aspx?documentid=2paa121106\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
          },
          {
            "trust": 1.4,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-154-01"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-8473"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu94921886/index.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.1921/"
          },
          {
            "trust": 0.1,
            "url": "https://search.abb.com/library/download.aspx?documentid=2paa121106\u0026amp;languagecode=en\u0026amp;documentpartid=\u0026amp;action=launch"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/732.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-27099"
          },
          {
            "db": "VULHUB",
            "id": "VHN-186598"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-8473"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-005095"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-2360"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-8473"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "266576f9-6cf9-474f-b47e-933ff53bbb24"
          },
          {
            "db": "IVD",
            "id": "aeb8befa-f856-4630-bb56-dfcfb9dfb96a"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-27099"
          },
          {
            "db": "VULHUB",
            "id": "VHN-186598"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-8473"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-005095"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-2360"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-8473"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-04-28T00:00:00",
            "db": "IVD",
            "id": "266576f9-6cf9-474f-b47e-933ff53bbb24"
          },
          {
            "date": "2020-04-28T00:00:00",
            "db": "IVD",
            "id": "aeb8befa-f856-4630-bb56-dfcfb9dfb96a"
          },
          {
            "date": "2020-05-08T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-27099"
          },
          {
            "date": "2020-04-29T00:00:00",
            "db": "VULHUB",
            "id": "VHN-186598"
          },
          {
            "date": "2020-04-29T00:00:00",
            "db": "VULMON",
            "id": "CVE-2020-8473"
          },
          {
            "date": "2020-06-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-005095"
          },
          {
            "date": "2020-04-28T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202004-2360"
          },
          {
            "date": "2020-04-29T00:15:12.203000",
            "db": "NVD",
            "id": "CVE-2020-8473"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-05-08T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-27099"
          },
          {
            "date": "2020-05-14T00:00:00",
            "db": "VULHUB",
            "id": "VHN-186598"
          },
          {
            "date": "2020-05-14T00:00:00",
            "db": "VULMON",
            "id": "CVE-2020-8473"
          },
          {
            "date": "2020-06-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-005095"
          },
          {
            "date": "2020-06-04T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202004-2360"
          },
          {
            "date": "2024-11-21T05:38:54.493000",
            "db": "NVD",
            "id": "CVE-2020-8473"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-2360"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "ABB System 800xA Base Vulnerability in improper permission assignment for critical resources in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-005095"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "IVD",
            "id": "266576f9-6cf9-474f-b47e-933ff53bbb24"
          },
          {
            "db": "IVD",
            "id": "aeb8befa-f856-4630-bb56-dfcfb9dfb96a"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-2360"
          }
        ],
        "trust": 1.0
      }
    }

    VAR-202004-2166

    Vulnerability from variot - Updated: 2024-11-23 21:35

    Insufficient protection of the inter-process communication functions in ABB System 800xA Base (all published versions) enables an attacker authenticated on the local system to inject data, affect node redundancy handling. ABB System 800xA Base There is an unspecified vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. ABB System 800xA Base is a set of distributed control system for industrial control industry of Swiss ABB company.

    ABB System 800xA Base (all versions) has a vulnerability in permissions and access control issues

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202004-2166",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "system 800xa base",
            "scope": null,
            "trust": 1.4,
            "vendor": "abb",
            "version": null
          },
          {
            "model": "800xa base system",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "abb",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "800xa base system",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "0fc0b57b-c7dd-46c6-b2bd-4ac105f5245a"
          },
          {
            "db": "IVD",
            "id": "63e16e8b-a907-4e29-a713-0e17f8203270"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-27096"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-005102"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-8487"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:abb:800xa_base_system",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-005102"
          }
        ]
      },
      "cve": "CVE-2020-8487",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.6,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "CVE-2020-8487",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.1,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Local",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 4.6,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-005102",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 6.1,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2020-27096",
                "impactScore": 8.5,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 6.1,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "0fc0b57b-c7dd-46c6-b2bd-4ac105f5245a",
                "impactScore": 8.5,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:C",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 6.1,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "63e16e8b-a907-4e29-a713-0e17f8203270",
                "impactScore": 8.5,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:C",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.6,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "VHN-186612",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2020-8487",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "cybersecurity@ch.abb.com",
                "availabilityImpact": "HIGH",
                "baseScore": 6.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 1.8,
                "id": "CVE-2020-8487",
                "impactScore": 4.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-005102",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2020-8487",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "cybersecurity@ch.abb.com",
                "id": "CVE-2020-8487",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2020-005102",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-27096",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202004-2373",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "0fc0b57b-c7dd-46c6-b2bd-4ac105f5245a",
                "trust": 0.2,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "63e16e8b-a907-4e29-a713-0e17f8203270",
                "trust": 0.2,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-186612",
                "trust": 0.1,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2020-8487",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "0fc0b57b-c7dd-46c6-b2bd-4ac105f5245a"
          },
          {
            "db": "IVD",
            "id": "63e16e8b-a907-4e29-a713-0e17f8203270"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-27096"
          },
          {
            "db": "VULHUB",
            "id": "VHN-186612"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-8487"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-005102"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-2373"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-8487"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-8487"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Insufficient protection of the inter-process communication functions in ABB System 800xA Base (all published versions) enables an attacker authenticated on the local system to inject data, affect node redundancy handling. ABB System 800xA Base There is an unspecified vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. ABB System 800xA Base is a set of distributed control system for industrial control industry of Swiss ABB company. \n\r\n\r\nABB System 800xA Base (all versions) has a vulnerability in permissions and access control issues",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-8487"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-005102"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-27096"
          },
          {
            "db": "IVD",
            "id": "0fc0b57b-c7dd-46c6-b2bd-4ac105f5245a"
          },
          {
            "db": "IVD",
            "id": "63e16e8b-a907-4e29-a713-0e17f8203270"
          },
          {
            "db": "VULHUB",
            "id": "VHN-186612"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-8487"
          }
        ],
        "trust": 2.7
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2020-8487",
            "trust": 3.6
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-20-154-03",
            "trust": 1.4
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-27096",
            "trust": 1.1
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-2373",
            "trust": 1.1
          },
          {
            "db": "JVN",
            "id": "JVNVU94921886",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-005102",
            "trust": 0.8
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.1923",
            "trust": 0.6
          },
          {
            "db": "IVD",
            "id": "0FC0B57B-C7DD-46C6-B2BD-4AC105F5245A",
            "trust": 0.2
          },
          {
            "db": "IVD",
            "id": "63E16E8B-A907-4E29-A713-0E17F8203270",
            "trust": 0.2
          },
          {
            "db": "VULHUB",
            "id": "VHN-186612",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-8487",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "0fc0b57b-c7dd-46c6-b2bd-4ac105f5245a"
          },
          {
            "db": "IVD",
            "id": "63e16e8b-a907-4e29-a713-0e17f8203270"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-27096"
          },
          {
            "db": "VULHUB",
            "id": "VHN-186612"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-8487"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-005102"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-2373"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-8487"
          }
        ]
      },
      "id": "VAR-202004-2166",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "0fc0b57b-c7dd-46c6-b2bd-4ac105f5245a"
          },
          {
            "db": "IVD",
            "id": "63e16e8b-a907-4e29-a713-0e17f8203270"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-27096"
          },
          {
            "db": "VULHUB",
            "id": "VHN-186612"
          }
        ],
        "trust": 1.7666667
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "0fc0b57b-c7dd-46c6-b2bd-4ac105f5245a"
          },
          {
            "db": "IVD",
            "id": "63e16e8b-a907-4e29-a713-0e17f8203270"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-27096"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:35:51.557000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "SECURITY Interprocess communication vulnerability in System 800xA",
            "trust": 0.8,
            "url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121236\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-005102"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-264",
            "trust": 1.0
          },
          {
            "problemtype": "NVD-CWE-Other",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-Other",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-005102"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-8487"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.3,
            "url": "https://search.abb.com/library/download.aspx?documentid=2paa121236\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
          },
          {
            "trust": 2.0,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8487"
          },
          {
            "trust": 1.4,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-154-03"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-8487"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu94921886/index.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.1923/"
          },
          {
            "trust": 0.1,
            "url": "https://search.abb.com/library/download.aspx?documentid=2paa121236\u0026amp;languagecode=en\u0026amp;documentpartid=\u0026amp;action=launch"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-27096"
          },
          {
            "db": "VULHUB",
            "id": "VHN-186612"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-8487"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-005102"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-2373"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-8487"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "0fc0b57b-c7dd-46c6-b2bd-4ac105f5245a"
          },
          {
            "db": "IVD",
            "id": "63e16e8b-a907-4e29-a713-0e17f8203270"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-27096"
          },
          {
            "db": "VULHUB",
            "id": "VHN-186612"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-8487"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-005102"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-2373"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-8487"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-04-28T00:00:00",
            "db": "IVD",
            "id": "0fc0b57b-c7dd-46c6-b2bd-4ac105f5245a"
          },
          {
            "date": "2020-04-28T00:00:00",
            "db": "IVD",
            "id": "63e16e8b-a907-4e29-a713-0e17f8203270"
          },
          {
            "date": "2020-05-08T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-27096"
          },
          {
            "date": "2020-04-29T00:00:00",
            "db": "VULHUB",
            "id": "VHN-186612"
          },
          {
            "date": "2020-04-29T00:00:00",
            "db": "VULMON",
            "id": "CVE-2020-8487"
          },
          {
            "date": "2020-06-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-005102"
          },
          {
            "date": "2020-04-28T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202004-2373"
          },
          {
            "date": "2020-04-29T02:15:12.343000",
            "db": "NVD",
            "id": "CVE-2020-8487"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-05-08T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-27096"
          },
          {
            "date": "2020-05-08T00:00:00",
            "db": "VULHUB",
            "id": "VHN-186612"
          },
          {
            "date": "2020-05-08T00:00:00",
            "db": "VULMON",
            "id": "CVE-2020-8487"
          },
          {
            "date": "2020-06-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-005102"
          },
          {
            "date": "2020-06-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202004-2373"
          },
          {
            "date": "2024-11-21T05:38:55.850000",
            "db": "NVD",
            "id": "CVE-2020-8487"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-2373"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "ABB System 800xA Base Vulnerability in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-005102"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "permissions and access control issues",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-2373"
          }
        ],
        "trust": 0.6
      }
    }

    CVE-2020-8487 (GCVE-0-2020-8487)

    Vulnerability from nvd – Published: 2020-04-29 01:59 – Updated: 2024-08-04 10:03
    VLAI
    Title
    ABB System 800xA Inter process communication vulnerability - System 800xA Base
    Summary
    Insufficient protection of the inter-process communication functions in ABB System 800xA Base (all published versions) enables an attacker authenticated on the local system to inject data, affect node redundancy handling.
    CWE
    • CWE-264 - Permissions, Privileges, and Access Controls
    Assigner
    ABB
    References
    Impacted products
    Vendor Product Version
    ABB System 800xA Base Affected: all versions
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T10:03:45.974Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121236\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "System 800xA Base",
              "vendor": "ABB",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Insufficient protection of the inter-process communication functions in ABB System 800xA Base (all published versions) enables an attacker authenticated on the local system to inject data, affect node redundancy handling."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-264",
                  "description": "CWE-264 Permissions, Privileges, and Access Controls",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-04-29T01:59:28.000Z",
            "orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
            "shortName": "ABB"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121236\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "ABB System 800xA Inter process communication vulnerability - System 800xA Base",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@ch.abb.com",
              "ID": "CVE-2020-8487",
              "STATE": "PUBLIC",
              "TITLE": "ABB System 800xA Inter process communication vulnerability - System 800xA Base"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "System 800xA Base",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "undefined",
                                "version_value": "all versions"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "ABB"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Insufficient protection of the inter-process communication functions in ABB System 800xA Base (all published versions) enables an attacker authenticated on the local system to inject data, affect node redundancy handling."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-264 Permissions, Privileges, and Access Controls"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121236\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
                  "refsource": "CONFIRM",
                  "url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121236\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
        "assignerShortName": "ABB",
        "cveId": "CVE-2020-8487",
        "datePublished": "2020-04-29T01:59:28.000Z",
        "dateReserved": "2020-01-30T00:00:00.000Z",
        "dateUpdated": "2024-08-04T10:03:45.974Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-8473 (GCVE-0-2020-8473)

    Vulnerability from nvd – Published: 2020-04-28 23:52 – Updated: 2024-08-04 10:03
    VLAI
    Title
    ABB System 800xA Weak File Permissions - ABB System 800xA Base
    Summary
    Insufficient folder permissions used by system functions in ABB System 800xA Base (version 6.1 and earlier) allow low privileged users to read, modify, add and delete system and application files. An authenticated attacker who successfully exploit the vulnerabilities could escalate his/her privileges, cause system functions to stop and to corrupt user applications.
    CWE
    • CWE-732 - Incorrect Permission Assignment for Critical Resource
    Assigner
    ABB
    References
    Impacted products
    Vendor Product Version
    ABB System 800xA Base Affected: 6.1 and earlier
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T10:03:44.806Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121106\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "System 800xA Base",
              "vendor": "ABB",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.1 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Insufficient folder permissions used by system functions in ABB System 800xA Base (version 6.1 and earlier) allow low privileged users to read, modify, add and delete system and application files. An authenticated attacker who successfully exploit the vulnerabilities could escalate his/her privileges, cause system functions to stop and to corrupt user applications."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-732",
                  "description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-04-28T23:52:44.000Z",
            "orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
            "shortName": "ABB"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121106\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "ABB System 800xA Weak File Permissions - ABB System 800xA Base",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@ch.abb.com",
              "ID": "CVE-2020-8473",
              "STATE": "PUBLIC",
              "TITLE": "ABB System 800xA Weak File Permissions - ABB System 800xA Base"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "System 800xA Base",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.1 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "ABB"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Insufficient folder permissions used by system functions in ABB System 800xA Base (version 6.1 and earlier) allow low privileged users to read, modify, add and delete system and application files. An authenticated attacker who successfully exploit the vulnerabilities could escalate his/her privileges, cause system functions to stop and to corrupt user applications."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-732 Incorrect Permission Assignment for Critical Resource"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121106\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
                  "refsource": "CONFIRM",
                  "url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121106\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
        "assignerShortName": "ABB",
        "cveId": "CVE-2020-8473",
        "datePublished": "2020-04-28T23:52:44.000Z",
        "dateReserved": "2020-01-30T00:00:00.000Z",
        "dateUpdated": "2024-08-04T10:03:44.806Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-8474 (GCVE-0-2020-8474)

    Vulnerability from nvd – Published: 2020-04-22 14:18 – Updated: 2024-08-04 10:03
    VLAI
    Title
    ABB System 800xA Weak Registry Permissions
    Summary
    Weak Registry permissions in ABB System 800xA Base allow low privileged users to read and modify registry settings related to control system functionality, allowing an authenticated attacker to cause system functions to stop or malfunction.
    CWE
    Assigner
    ABB
    References
    Impacted products
    Vendor Product Version
    ABB System 800xA Base Affected: unspecified , ≤ 6.0 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T10:03:44.868Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121221\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "System 800xA Base",
              "vendor": "ABB",
              "versions": [
                {
                  "lessThanOrEqual": "6.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Weak Registry permissions in ABB System 800xA Base allow low privileged users to read and modify registry settings related to control system functionality, allowing an authenticated attacker to cause system functions to stop or malfunction."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-275",
                  "description": "CWE-275 Permission Issues",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-04-22T14:18:35.000Z",
            "orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
            "shortName": "ABB"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121221\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
            }
          ],
          "source": {
            "defect": [
              "800xASYS-OL-5120-00197"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "ABB System 800xA Weak Registry Permissions",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@ch.abb.com",
              "ID": "CVE-2020-8474",
              "STATE": "PUBLIC",
              "TITLE": "ABB System 800xA Weak Registry Permissions"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "System 800xA Base",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "6.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "ABB"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Weak Registry permissions in ABB System 800xA Base allow low privileged users to read and modify registry settings related to control system functionality, allowing an authenticated attacker to cause system functions to stop or malfunction."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-275 Permission Issues"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121221\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
                  "refsource": "MISC",
                  "url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121221\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
                }
              ]
            },
            "source": {
              "defect": [
                "800xASYS-OL-5120-00197"
              ],
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
        "assignerShortName": "ABB",
        "cveId": "CVE-2020-8474",
        "datePublished": "2020-04-22T14:18:35.000Z",
        "dateReserved": "2020-01-30T00:00:00.000Z",
        "dateUpdated": "2024-08-04T10:03:44.868Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-8487 (GCVE-0-2020-8487)

    Vulnerability from cvelistv5 – Published: 2020-04-29 01:59 – Updated: 2024-08-04 10:03
    VLAI
    Title
    ABB System 800xA Inter process communication vulnerability - System 800xA Base
    Summary
    Insufficient protection of the inter-process communication functions in ABB System 800xA Base (all published versions) enables an attacker authenticated on the local system to inject data, affect node redundancy handling.
    CWE
    • CWE-264 - Permissions, Privileges, and Access Controls
    Assigner
    ABB
    References
    Impacted products
    Vendor Product Version
    ABB System 800xA Base Affected: all versions
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T10:03:45.974Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121236\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "System 800xA Base",
              "vendor": "ABB",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Insufficient protection of the inter-process communication functions in ABB System 800xA Base (all published versions) enables an attacker authenticated on the local system to inject data, affect node redundancy handling."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-264",
                  "description": "CWE-264 Permissions, Privileges, and Access Controls",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-04-29T01:59:28.000Z",
            "orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
            "shortName": "ABB"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121236\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "ABB System 800xA Inter process communication vulnerability - System 800xA Base",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@ch.abb.com",
              "ID": "CVE-2020-8487",
              "STATE": "PUBLIC",
              "TITLE": "ABB System 800xA Inter process communication vulnerability - System 800xA Base"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "System 800xA Base",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "undefined",
                                "version_value": "all versions"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "ABB"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Insufficient protection of the inter-process communication functions in ABB System 800xA Base (all published versions) enables an attacker authenticated on the local system to inject data, affect node redundancy handling."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-264 Permissions, Privileges, and Access Controls"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121236\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
                  "refsource": "CONFIRM",
                  "url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121236\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
        "assignerShortName": "ABB",
        "cveId": "CVE-2020-8487",
        "datePublished": "2020-04-29T01:59:28.000Z",
        "dateReserved": "2020-01-30T00:00:00.000Z",
        "dateUpdated": "2024-08-04T10:03:45.974Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-8473 (GCVE-0-2020-8473)

    Vulnerability from cvelistv5 – Published: 2020-04-28 23:52 – Updated: 2024-08-04 10:03
    VLAI
    Title
    ABB System 800xA Weak File Permissions - ABB System 800xA Base
    Summary
    Insufficient folder permissions used by system functions in ABB System 800xA Base (version 6.1 and earlier) allow low privileged users to read, modify, add and delete system and application files. An authenticated attacker who successfully exploit the vulnerabilities could escalate his/her privileges, cause system functions to stop and to corrupt user applications.
    CWE
    • CWE-732 - Incorrect Permission Assignment for Critical Resource
    Assigner
    ABB
    References
    Impacted products
    Vendor Product Version
    ABB System 800xA Base Affected: 6.1 and earlier
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T10:03:44.806Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121106\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "System 800xA Base",
              "vendor": "ABB",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.1 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Insufficient folder permissions used by system functions in ABB System 800xA Base (version 6.1 and earlier) allow low privileged users to read, modify, add and delete system and application files. An authenticated attacker who successfully exploit the vulnerabilities could escalate his/her privileges, cause system functions to stop and to corrupt user applications."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-732",
                  "description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-04-28T23:52:44.000Z",
            "orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
            "shortName": "ABB"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121106\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "ABB System 800xA Weak File Permissions - ABB System 800xA Base",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@ch.abb.com",
              "ID": "CVE-2020-8473",
              "STATE": "PUBLIC",
              "TITLE": "ABB System 800xA Weak File Permissions - ABB System 800xA Base"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "System 800xA Base",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.1 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "ABB"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Insufficient folder permissions used by system functions in ABB System 800xA Base (version 6.1 and earlier) allow low privileged users to read, modify, add and delete system and application files. An authenticated attacker who successfully exploit the vulnerabilities could escalate his/her privileges, cause system functions to stop and to corrupt user applications."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-732 Incorrect Permission Assignment for Critical Resource"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121106\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
                  "refsource": "CONFIRM",
                  "url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121106\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
        "assignerShortName": "ABB",
        "cveId": "CVE-2020-8473",
        "datePublished": "2020-04-28T23:52:44.000Z",
        "dateReserved": "2020-01-30T00:00:00.000Z",
        "dateUpdated": "2024-08-04T10:03:44.806Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-8474 (GCVE-0-2020-8474)

    Vulnerability from cvelistv5 – Published: 2020-04-22 14:18 – Updated: 2024-08-04 10:03
    VLAI
    Title
    ABB System 800xA Weak Registry Permissions
    Summary
    Weak Registry permissions in ABB System 800xA Base allow low privileged users to read and modify registry settings related to control system functionality, allowing an authenticated attacker to cause system functions to stop or malfunction.
    CWE
    Assigner
    ABB
    References
    Impacted products
    Vendor Product Version
    ABB System 800xA Base Affected: unspecified , ≤ 6.0 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T10:03:44.868Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121221\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "System 800xA Base",
              "vendor": "ABB",
              "versions": [
                {
                  "lessThanOrEqual": "6.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Weak Registry permissions in ABB System 800xA Base allow low privileged users to read and modify registry settings related to control system functionality, allowing an authenticated attacker to cause system functions to stop or malfunction."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-275",
                  "description": "CWE-275 Permission Issues",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-04-22T14:18:35.000Z",
            "orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
            "shortName": "ABB"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121221\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
            }
          ],
          "source": {
            "defect": [
              "800xASYS-OL-5120-00197"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "ABB System 800xA Weak Registry Permissions",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@ch.abb.com",
              "ID": "CVE-2020-8474",
              "STATE": "PUBLIC",
              "TITLE": "ABB System 800xA Weak Registry Permissions"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "System 800xA Base",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "6.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "ABB"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Weak Registry permissions in ABB System 800xA Base allow low privileged users to read and modify registry settings related to control system functionality, allowing an authenticated attacker to cause system functions to stop or malfunction."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-275 Permission Issues"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121221\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
                  "refsource": "MISC",
                  "url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121221\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
                }
              ]
            },
            "source": {
              "defect": [
                "800xASYS-OL-5120-00197"
              ],
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
        "assignerShortName": "ABB",
        "cveId": "CVE-2020-8474",
        "datePublished": "2020-04-22T14:18:35.000Z",
        "dateReserved": "2020-01-30T00:00:00.000Z",
        "dateUpdated": "2024-08-04T10:03:44.868Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }