Lucene search

[email protected]CVE-2020-8472

HistoryApr 29, 2020 - 12:15 a.m.

CVE-2020-8472

2020-04-2900:15:12

CWE-732

[email protected]

web.nvd.nist.gov

cve-2020-8472

abb

system 800xa

opcserver

ac800m

control builder m professional

mmsserver

softcontrol

vulnerability

privilege escalation

6.8 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:P/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.5 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.7%

JSON

Insufficient folder permissions used by system functions in ABB System 800xA products OPCServer for AC800M (versions 6.0 and earlier) and Control Builder M Professional, MMSServer for AC800M, Base Software for SoftControl (version 6.1 and earlier) allow low privileged users to read, modify, add and delete system and application files. An authenticated attacker who successfully exploited the vulnerabilities could escalate his/her privileges, cause system functions to stop and to corrupt user applications.

Affected configurations

NVD

Node

abbac800mMatch-

AND

abbcontrol_builder_mRange≤6.1professional

abbmms_serverRange≤6.1

abbopc_serverRange≤6.0

Node

abbbase_softwareRange≤6.1softcontrol

CPENameOperatorVersion
abb:control_builder_mabb control builder mle6.1
abb:mms_serverabb mms serverle6.1
abb:opc_serverabb opc serverle6.0

CPE	Name	Operator	Version
abb:control_builder_m	abb control builder m	le	6.1
abb:mms_server	abb mms server	le	6.1
abb:opc_server	abb opc server	le	6.0

CNA Affected

[
  {
    "product": "OPC Server for AC 800M",
    "vendor": "ABB",
    "versions": [
      {
        "status": "affected",
        "version": "6.0 and earlier"
      }
    ]
  },
  {
    "product": "Control Builder M Professional",
    "vendor": "ABB",
    "versions": [
      {
        "status": "affected",
        "version": "6.1 and earlier"
      }
    ]
  },
  {
    "product": "MMS Server for AC 800M",
    "vendor": "ABB",
    "versions": [
      {
        "status": "affected",
        "version": "6.1 and earlier"
      }
    ]
  },
  {
    "product": "Base Software for SoftControl",
    "vendor": "ABB",
    "versions": [
      {
        "status": "affected",
        "version": "6.1 and earlier"
      }
    ]
  }
]

References

search.abb.com/library/Download.aspx?DocumentID=2PAA121106&LanguageCode=en&DocumentPartId=&Action=Launch

6.8 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:P/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.5 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.7%

JSON

Related for CVE-2020-8472

nessus1 nvd1 cvelist1 prion1 ics1