CVE-2020-8471 ABB Central Licensing System - Weak File Permissions

🗓️ 29 Apr 2020 01:30:43Reported by ABBType

CVE-2020-8471 ABB Central Licensing System Weak File Permissions vulnerabilit

Reporter	Title	Published	Views	Family All 8
Circl	CVE-2020-8471	20 May 202014:27	–	circl
CVE	CVE-2020-8471	29 Apr 202001:30	–	cve
EUVD	EUVD-2020-29337	7 Oct 202500:30	–	euvd
ICS	ABB Central Licensing System	2 Jun 202000:00	–	ics
NVD	CVE-2020-8471	29 Apr 202002:15	–	nvd
Prion	Code injection	29 Apr 202002:15	–	prion
RedhatCVE	CVE-2020-8471	5 Feb 202513:16	–	redhatcve
Tenable Nessus	ABB Central Licensing System Improper Access Control (CVE-2020-8471)	29 Mar 202300:00	–	nessus

[
  {
    "product": "Central Licensing System",
    "vendor": "ABB",
    "versions": [
      {
        "lessThan": "5*",
        "status": "affected",
        "version": "5.1",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "ABB Ability System 800xA",
    "vendor": "ABB",
    "versions": [
      {
        "status": "affected",
        "version": "5.1"
      },
      {
        "status": "affected",
        "version": "6.0"
      },
      {
        "status": "affected",
        "version": "6.1"
      }
    ]
  },
  {
    "product": "Compact HMI",
    "vendor": "ABB",
    "versions": [
      {
        "status": "affected",
        "version": "5.1"
      },
      {
        "status": "affected",
        "version": "6.0"
      }
    ]
  },
  {
    "product": "Control Builder Safe",
    "vendor": "ABB",
    "versions": [
      {
        "status": "affected",
        "version": "1.0"
      },
      {
        "status": "affected",
        "version": "1.1"
      },
      {
        "status": "affected",
        "version": "2.0"
      }
    ]
  },
  {
    "product": "Symphony Plus S+ Operations",
    "vendor": "ABB",
    "versions": [
      {
        "lessThanOrEqual": "3.2",
        "status": "affected",
        "version": "3",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Symphony Plus S+ Engineering",
    "vendor": "ABB",
    "versions": [
      {
        "lessThanOrEqual": "2.2",
        "status": "affected",
        "version": "1.1",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Composer Harmony",
    "vendor": "ABB",
    "versions": [
      {
        "status": "affected",
        "version": "5.1"
      },
      {
        "status": "affected",
        "version": "6.0"
      },
      {
        "status": "affected",
        "version": "6.1"
      }
    ]
  },
  {
    "product": "Composer Melody",
    "vendor": "ABB",
    "versions": [
      {
        "status": "affected",
        "version": "5.3"
      },
      {
        "lessThanOrEqual": "6.3",
        "status": "affected",
        "version": "6",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Harmony OPC Server Standalone",
    "vendor": "ABB",
    "versions": [
      {
        "status": "affected",
        "version": "6.0"
      },
      {
        "status": "affected",
        "version": "6.1"
      },
      {
        "status": "affected",
        "version": "7.0"
      }
    ]
  },
  {
    "product": "Advant OCS Control Builder A",
    "vendor": "ABB",
    "versions": [
      {
        "status": "affected",
        "version": "1.3"
      },
      {
        "status": "affected",
        "version": "1.4"
      }
    ]
  },
  {
    "product": "Composer CTK",
    "vendor": "ABB",
    "versions": [
      {
        "status": "affected",
        "version": "6.1"
      },
      {
        "status": "affected",
        "version": "6.2"
      }
    ]
  },
  {
    "product": "AdvaBuild",
    "vendor": "ABB",
    "versions": [
      {
        "status": "affected",
        "version": "3.7 SP1"
      },
      {
        "status": "affected",
        "version": "3.7 SP2"
      }
    ]
  },
  {
    "product": "OPC Server for Mod 300 (non-800xA)",
    "vendor": "ABB",
    "versions": [
      {
        "status": "affected",
        "version": "1.4"
      }
    ]
  },
  {
    "product": "OPC Data Link",
    "vendor": "ABB",
    "versions": [
      {
        "status": "affected",
        "version": "2.1"
      },
      {
        "status": "affected",
        "version": "2.2"
      }
    ]
  },
  {
    "product": "Knowledge Manager",
    "vendor": "ABB",
    "versions": [
      {
        "status": "affected",
        "version": "8.0"
      },
      {
        "status": "affected",
        "version": "9.0"
      },
      {
        "status": "affected",
        "version": "9.1"
      }
    ]
  },
  {
    "product": "Manufacturing Operations Management",
    "vendor": "ABB",
    "versions": [
      {
        "status": "affected",
        "version": "1812"
      },
      {
        "status": "affected",
        "version": "1909"
      }
    ]
  },
  {
    "product": "Advant  OCS AC 100 OPS Server",
    "vendor": "ABB",
    "versions": [
      {
        "status": "affected",
        "version": "5.1"
      },
      {
        "status": "affected",
        "version": "6.0"
      },
      {
        "status": "affected",
        "version": "6.1"
      }
    ]
  }
]

Source	Link
search	www.search.abb.com/library/Download.aspx
search	www.search.abb.com/library/Download.aspx
us-cert	www.us-cert.gov/ics/advisories/icsa-20-154-04

09 Jun 2020 16:16Current

7.8High risk

Vulners AI Score7.8

CVSS 3.17.8

EPSS0.00355

CWE-275