Lucene search

[email protected]CVE-2020-8476

HistoryApr 29, 2020 - 2:15 a.m.

CVE-2020-8476

2020-04-2902:15:11

CWE-20

[email protected]

web.nvd.nist.gov

abb

central licensing server

abb ability system 800xa

compact hmi

control builder safe

symphony plus

composer harmony

melody composer

haopc

advant ocs

opc server

advabuild

opc data link

knowledge manager

manufacturing operations management

scadavantage

cve-2020-8476

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

7.2 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

55.3%

JSON

For the Central Licensing Server component used in ABB products ABB Ability™ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2 Symphony Plus -S+ Engineering 1.1 to 2.2, Composer Harmony 5.1, 6.0 and 6.1, Melody Composer 5.3, 6.1/6.2 and SPE for Melody 1.0SPx (Composer 6.3), Harmony OPC Server (HAOPC) Standalone 6.0, 6.1 and 7.0, ABB Ability™ System 800xA/ Advant® OCS Control Builder A 1.3 and 1.4, Advant® OCS AC100 OPC Server 5.1, 6.0 and 6.1, Composer CTK 6.1 and 6.2, AdvaBuild 3.7 SP1 and SP2, OPCServer for MOD 300 (non-800xA) 1.4, OPC Data Link 2.1 and 2.2, Knowledge Manager 8.0, 9.0 and 9.1, Manufacturing Operations Management 1812 and 1909, ABB AbilityTM SCADAvantage versions 5.1 to 5.6.5, a weakness in validation of input exists that allows an attacker to alter licenses assigned to the system nodes by sending specially crafted messages to the CLS web service.

Affected configurations

NVD

Node

abb800xa_systemMatch5.1-

abb800xa_systemMatch5.1feature_pack_4

abb800xa_systemMatch5.1feature_pack_4_revision_d

abb800xa_systemMatch5.1revision_a

abb800xa_systemMatch5.1revision_b

abb800xa_systemMatch5.1revision_c

abb800xa_systemMatch5.1revision_d

abb800xa_systemMatch5.1revision_e

abb800xa_systemMatch5.1revision_e_feature_pack_4

abb800xa_systemMatch6.0

abb800xa_systemMatch6.0.1

abb800xa_systemMatch6.0.3

abb800xa_systemMatch6.0.3.3

abb800xa_systemMatch6.1

abbcompact_hmiMatch5.1-

abbcompact_hmiMatch5.1feature_pack_4_revision_d

abbcompact_hmiMatch5.1revision_b

abbcompact_hmiMatch5.1revision_d

abbcompact_hmiMatch6.0.1-1

abbcompact_hmiMatch6.0.3-2

abbcontrol_builder_safeMatch1.0

abbcontrol_builder_safeMatch1.1

abbcontrol_builder_safeMatch2.0

CPENameOperatorVersion
abb:800xa_systemabb 800xa systemeq5.1
abb:800xa_systemabb 800xa systemeq6.0
abb:800xa_systemabb 800xa systemeq6.0.1
abb:800xa_systemabb 800xa systemeq6.0.3
abb:800xa_systemabb 800xa systemeq6.0.3.3
abb:800xa_systemabb 800xa systemeq6.1
abb:compact_hmiabb compact hmieq5.1
abb:compact_hmiabb compact hmieq6.0.1-1
abb:compact_hmiabb compact hmieq6.0.3-2
abb:control_builder_safeabb control builder safeeq1.0

CPE	Name	Operator	Version
abb:800xa_system	abb 800xa system	eq	5.1
abb:800xa_system	abb 800xa system	eq	6.0
abb:800xa_system	abb 800xa system	eq	6.0.1
abb:800xa_system	abb 800xa system	eq	6.0.3
abb:800xa_system	abb 800xa system	eq	6.0.3.3
abb:800xa_system	abb 800xa system	eq	6.1
abb:compact_hmi	abb compact hmi	eq	5.1
abb:compact_hmi	abb compact hmi	eq	6.0.1-1
abb:compact_hmi	abb compact hmi	eq	6.0.3-2
abb:control_builder_safe	abb control builder safe	eq	1.0

Rows per page:

1-10 of 121

CNA Affected

[
  {
    "vendor": "ABB",
    "product": "Central Licensing System",
    "versions": [
      {
        "version": "5.1",
        "status": "affected",
        "lessThan": "5*",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "ABB",
    "product": "ABB Ability System 800xA",
    "versions": [
      {
        "version": "5.1",
        "status": "affected"
      },
      {
        "version": "6.0",
        "status": "affected"
      },
      {
        "version": "6.1",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "ABB",
    "product": "Compact HMI",
    "versions": [
      {
        "version": "5.1",
        "status": "affected"
      },
      {
        "version": "6.0",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "ABB",
    "product": "Control Builder Safe",
    "versions": [
      {
        "version": "1.0",
        "status": "affected"
      },
      {
        "version": "1.1",
        "status": "affected"
      },
      {
        "version": "2.0",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "ABB",
    "product": "Symphony Plus S+ Operations",
    "versions": [
      {
        "version": "3",
        "status": "affected",
        "lessThanOrEqual": "3.2",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "ABB",
    "product": "Symphony Plus S+ Engineering ",
    "versions": [
      {
        "version": "1.1",
        "status": "affected",
        "lessThanOrEqual": "2.2",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "ABB",
    "product": "Composer Harmony",
    "versions": [
      {
        "version": "5.1",
        "status": "affected"
      },
      {
        "version": "6.0",
        "status": "affected"
      },
      {
        "version": "6.1",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "ABB",
    "product": "Composer Melody ",
    "versions": [
      {
        "version": "5.3",
        "status": "affected"
      },
      {
        "version": "6",
        "status": "affected",
        "lessThanOrEqual": "6.3",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "ABB",
    "product": "Harmony OPC Server Standalone",
    "versions": [
      {
        "version": "6.0",
        "status": "affected"
      },
      {
        "version": "6.1",
        "status": "affected"
      },
      {
        "version": "7.0",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "ABB",
    "product": "Advant OCS Control Builder A",
    "versions": [
      {
        "version": "1.3",
        "status": "affected"
      },
      {
        "version": "1.4",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "ABB",
    "product": "Composer CTK",
    "versions": [
      {
        "version": "6.1",
        "status": "affected"
      },
      {
        "version": "6.2",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "ABB",
    "product": "AdvaBuild",
    "versions": [
      {
        "version": "3.7 SP1",
        "status": "affected"
      },
      {
        "version": "3.7 SP2",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "ABB",
    "product": "OPC Server for Mod 300 (non-800xA)",
    "versions": [
      {
        "version": "1.4",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "ABB",
    "product": "OPC Data Link",
    "versions": [
      {
        "version": "2.1",
        "status": "affected"
      },
      {
        "version": "2.2",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "ABB",
    "product": "Knowledge Manager",
    "versions": [
      {
        "version": "8.0",
        "status": "affected"
      },
      {
        "version": "9.0",
        "status": "affected"
      },
      {
        "version": "9.1",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "ABB",
    "product": "Manufacturing Operations Management",
    "versions": [
      {
        "version": "1812",
        "status": "affected"
      },
      {
        "version": "1909",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "ABB",
    "product": "Advant  OCS AC 100 OPS Server",
    "versions": [
      {
        "version": "5.1",
        "status": "affected"
      },
      {
        "version": "6.0",
        "status": "affected"
      },
      {
        "version": "6.1",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "ABB",
    "product": "ABB  Ability™ SCADAvantage",
    "versions": [
      {
        "version": "5.1",
        "status": "affected",
        "lessThan": "unspecified",
        "versionType": "custom"
      },
      {
        "version": "unspecified",
        "lessThanOrEqual": "5.6.5",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]

References

search.abb.com/library/Download.aspx?DocumentID=2PAA121230&LanguageCode=en&DocumentPartId=&Action=Launch

search.abb.com/library/Download.aspx?DocumentID=2PAA121231&LanguageCode=en&DocumentPartId=&Action=Launch

search.abb.com/library/Download.aspx?DocumentID=3CCA2020-003309&LanguageCode=en&DocumentPartId=&Action=Launch

Social References

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

7.2 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

55.3%

JSON

Related for CVE-2020-8476

cvelist1 prion1 nvd1 nessus5 ics1