Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2020-8481
HistoryApr 29, 2020 - 2:15 a.m.

CVE-2020-8481

2020-04-2902:15:11
CWE-922
CWE-200
[email protected]
web.nvd.nist.gov
72
abb
abb ability
system 800xa
compact hmi
control builder
symphony plus
composer harmony
melody composer
harmony opc server
advant ocs
opcserver
data link
knowledge manager
manufacturing operations management
vulnerability
cve-2020-8481

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.1 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

64.7%

JSON

For ABB products ABB Ability™ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2 Symphony Plus -S+ Engineering 1.1 to 2.2, Composer Harmony 5.1, 6.0 and 6.1, Melody Composer 5.3, 6.1/6.2 and SPE for Melody 1.0SPx (Composer 6.3), Harmony OPC Server (HAOPC) Standalone 6.0, 6.1 and 7.0, ABB Ability™ System 800xA/ Advant® OCS Control Builder A 1.3 and 1.4, Advant® OCS AC100 OPC Server 5.1, 6.0 and 6.1, Composer CTK 6.1 and 6.2, AdvaBuild 3.7 SP1 and SP2, OPCServer for MOD 300 (non-800xA) 1.4, OPC Data Link 2.1 and 2.2, Knowledge Manager 8.0, 9.0 and 9.1, Manufacturing Operations Management 1812 and 1909, confidential data is written in an unprotected file. An attacker who successfully exploited this vulnerability could take full control of the computer.

Affected configurations

NVD
Node
abb800xa_systemMatch5.1-
CPENameOperatorVersion
abb:800xa_systemabb 800xa systemeq5.1

CNA Affected

[
  {
    "product": "Central Licensing System",
    "vendor": "ABB",
    "versions": [
      {
        "lessThan": "5*",
        "status": "affected",
        "version": "5.1",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "ABB Ability System 800xA",
    "vendor": "ABB",
    "versions": [
      {
        "status": "affected",
        "version": "5.1"
      },
      {
        "status": "affected",
        "version": "6.0"
      },
      {
        "status": "affected",
        "version": "6.1"
      }
    ]
  },
  {
    "product": "Compact HMI",
    "vendor": "ABB",
    "versions": [
      {
        "status": "affected",
        "version": "5.1"
      },
      {
        "status": "affected",
        "version": "6.0"
      }
    ]
  },
  {
    "product": "Control Builder Safe",
    "vendor": "ABB",
    "versions": [
      {
        "status": "affected",
        "version": "1.0"
      },
      {
        "status": "affected",
        "version": "1.1"
      },
      {
        "status": "affected",
        "version": "2.0"
      }
    ]
  },
  {
    "product": "Symphony Plus S+ Operations",
    "vendor": "ABB",
    "versions": [
      {
        "lessThanOrEqual": "3.2",
        "status": "affected",
        "version": "3",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Symphony Plus S+ Engineering ",
    "vendor": "ABB",
    "versions": [
      {
        "lessThanOrEqual": "2.2",
        "status": "affected",
        "version": "1.1",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Composer Harmony",
    "vendor": "ABB",
    "versions": [
      {
        "status": "affected",
        "version": "5.1"
      },
      {
        "status": "affected",
        "version": "6.0"
      },
      {
        "status": "affected",
        "version": "6.1"
      }
    ]
  },
  {
    "product": "Composer Melody ",
    "vendor": "ABB",
    "versions": [
      {
        "status": "affected",
        "version": "5.3"
      },
      {
        "lessThanOrEqual": "6.3",
        "status": "affected",
        "version": "6",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Harmony OPC Server Standalone",
    "vendor": "ABB",
    "versions": [
      {
        "status": "affected",
        "version": "6.0"
      },
      {
        "status": "affected",
        "version": "6.1"
      },
      {
        "status": "affected",
        "version": "7.0"
      }
    ]
  },
  {
    "product": "Advant OCS Control Builder A",
    "vendor": "ABB",
    "versions": [
      {
        "status": "affected",
        "version": "1.3"
      },
      {
        "status": "affected",
        "version": "1.4"
      }
    ]
  },
  {
    "product": "Composer CTK",
    "vendor": "ABB",
    "versions": [
      {
        "status": "affected",
        "version": "6.1"
      },
      {
        "status": "affected",
        "version": "6.2"
      }
    ]
  },
  {
    "product": "AdvaBuild",
    "vendor": "ABB",
    "versions": [
      {
        "status": "affected",
        "version": "3.7 SP1"
      },
      {
        "status": "affected",
        "version": "3.7 SP2"
      }
    ]
  },
  {
    "product": "OPC Server for Mod 300 (non-800xA)",
    "vendor": "ABB",
    "versions": [
      {
        "status": "affected",
        "version": "1.4"
      }
    ]
  },
  {
    "product": "OPC Data Link",
    "vendor": "ABB",
    "versions": [
      {
        "status": "affected",
        "version": "2.1"
      },
      {
        "status": "affected",
        "version": "2.2"
      }
    ]
  },
  {
    "product": "Knowledge Manager",
    "vendor": "ABB",
    "versions": [
      {
        "status": "affected",
        "version": "8.0"
      },
      {
        "status": "affected",
        "version": "9.0"
      },
      {
        "status": "affected",
        "version": "9.1"
      }
    ]
  },
  {
    "product": "Manufacturing Operations Management",
    "vendor": "ABB",
    "versions": [
      {
        "status": "affected",
        "version": "1812"
      },
      {
        "status": "affected",
        "version": "1909"
      }
    ]
  },
  {
    "product": "Advant  OCS AC 100 OPS Server",
    "vendor": "ABB",
    "versions": [
      {
        "status": "affected",
        "version": "5.1"
      },
      {
        "status": "affected",
        "version": "6.0"
      },
      {
        "status": "affected",
        "version": "6.1"
      }
    ]
  }
]

Related

cvelist 1
prion 1
nvd 1
nessus 1
ics 1
cvelist
cvelist
CVE-2020-8481 ABB Central Licensing System - Information disclosure
2020-04-29 01:30:56
prion
prion
Design/Logic Flaw
2020-04-29 02:15:00
nvd
nvd
CVE-2020-8481
2020-04-29 02:15:11
nessus
nessus
ABB Central Licensing System Exposure of Sensitive Information to an Unauthorized Actor (CVE-2020-8481)
2023-03-29 00:00:00
ics
ics
ABB Central Licensing System
2020-06-02 12:00:00

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.1 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

64.7%

JSON
Related for CVE-2020-8481
cvelist1prion1nvd1nessus1ics1