EUVD-2020-29345

🗓️ 07 Oct 2025 00:30:54Reported by EUVDType

XML External Entity Injection vulnerability in ABB Central Licensing Server allows file access and license blocking.

Reporter	Title	Published	Views	Family All 9
Circl	CVE-2020-8479	20 May 202014:27	–	circl
CVE	CVE-2020-8479	29 Apr 202000:00	–	cve
Cvelist	CVE-2020-8479 ABB Central Licensing System - XML External Entity Injection	29 Apr 202000:00	–	cvelist
ICS	ABB Central Licensing System	2 Jun 202000:00	–	ics
NVD	CVE-2020-8479	29 Apr 202002:15	–	nvd
Prion	Xxe	29 Apr 202002:15	–	prion
Positive Technologies	PT-2020-20164 · Abb · Compact Hmi +17	29 Apr 202000:00	–	ptsecurity
RedhatCVE	CVE-2020-8479	5 Feb 202513:15	–	redhatcve
Tenable Nessus	ABB Central Licensing System Improper Restriction of XML External Entity Reference (CVE-2020-8479)	29 Mar 202300:00	–	nessus

[
  {
    "enisaIdVendor": [
      {
        "id": "94040d15-4b12-394d-8e0c-9d95db425f3b",
        "vendor": {
          "name": "ABB"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "0ca9d60e-1af6-3a2e-9f56-987e24341f2b",
        "product": {
          "name": "Composer Harmony"
        },
        "product_version": "6.0"
      },
      {
        "id": "183af9d6-e048-31c0-a35c-a601d92be905",
        "product": {
          "name": "Composer CTK"
        },
        "product_version": "6.2"
      },
      {
        "id": "1968faaa-590a-3ff5-92e9-b79e4b41daa2",
        "product": {
          "name": "Composer Melody "
        },
        "product_version": "6 ≤6.3"
      },
      {
        "id": "24678110-72a2-3627-8629-c7612c6439c0",
        "product": {
          "name": "Manufacturing Operations Management"
        },
        "product_version": "1812"
      },
      {
        "id": "2cdba68a-a47b-36f3-9126-91abeba9edd6",
        "product": {
          "name": "Knowledge Manager"
        },
        "product_version": "9.0"
      },
      {
        "id": "2e43fd63-81ea-39cc-a48c-2b37b8a91b89",
        "product": {
          "name": "Harmony OPC Server Standalone"
        },
        "product_version": "6.1"
      },
      {
        "id": "305af31c-3e5d-3b8b-b8fa-3bcfd306b2fb",
        "product": {
          "name": "ABB Ability System 800xA"
        },
        "product_version": "6.0"
      },
      {
        "id": "38186161-61ca-3a80-b091-ba22024b85ba",
        "product": {
          "name": "Compact HMI"
        },
        "product_version": "5.1"
      },
      {
        "id": "3a0cd056-24f1-37c0-b504-7c46796dc1d9",
        "product": {
          "name": "Manufacturing Operations Management"
        },
        "product_version": "1909"
      },
      {
        "id": "3e5671fd-b964-3f39-bf61-af6f20002e08",
        "product": {
          "name": "Advant  OCS AC 100 OPS Server"
        },
        "product_version": "6.0"
      },
      {
        "id": "421216a3-e551-3b4a-8f5e-3643ebf6d378",
        "product": {
          "name": "ABB Ability System 800xA"
        },
        "product_version": "6.1"
      },
      {
        "id": "48371544-2b00-3240-86c4-46adccc3541d",
        "product": {
          "name": "Compact HMI"
        },
        "product_version": "6.0"
      },
      {
        "id": "57471325-e401-3aed-b00a-7cc8a5d08e21",
        "product": {
          "name": "ABB  Ability™ SCADAvantage"
        },
        "product_version": "5.1 <unspecified"
      },
      {
        "id": "5a7ed03d-8337-36b1-9021-f921c998c3a4",
        "product": {
          "name": "Control Builder Safe"
        },
        "product_version": "1.1"
      },
      {
        "id": "5c2f1076-edb2-370e-8101-cd5f39e8d86d",
        "product": {
          "name": "Knowledge Manager"
        },
        "product_version": "8.0"
      },
      {
        "id": "5ed4b0a5-907d-3d37-bd0f-bd5cdce6d64b",
        "product": {
          "name": "OPC Data Link"
        },
        "product_version": "2.1"
      },
      {
        "id": "6067323d-06ef-381f-9889-95019c0ebff6",
        "product": {
          "name": "Advant OCS Control Builder A"
        },
        "product_version": "1.3"
      },
      {
        "id": "63c42b24-7869-38a5-b230-781f25c47890",
        "product": {
          "name": "Symphony Plus S+ Engineering"
        },
        "product_version": "1.1 ≤2.2"
      },
      {
        "id": "6dd13e0b-afc9-3d3a-b10c-0c7380aaf27d",
        "product": {
          "name": "OPC Data Link"
        },
        "product_version": "2.2"
      },
      {
        "id": "789d9768-ee9b-31cd-92cf-a882ebabf464",
        "product": {
          "name": "AdvaBuild"
        },
        "product_version": "3.7 SP2"
      },
      {
        "id": "7a49db92-a495-3429-91a5-8ddb7e4c7e1a",
        "product": {
          "name": "ABB  Ability™ SCADAvantage"
        },
        "product_version": "unspecified ≤5.6.5"
      },
      {
        "id": "7fcf4404-3939-3744-ba12-a94feabfc2dd",
        "product": {
          "name": "Control Builder Safe"
        },
        "product_version": "2.0"
      },
      {
        "id": "81503058-e1ba-3ccd-81c3-440b5f1ac443",
        "product": {
          "name": "Symphony Plus S+ Operations"
        },
        "product_version": "3 ≤3.2"
      },
      {
        "id": "8dabf5b7-82fd-3844-b869-409060acd72e",
        "product": {
          "name": "OPC Server for Mod 300 (non-800xA)"
        },
        "product_version": "1.4"
      },
      {
        "id": "91442510-7506-3fd0-8a26-12b01cf6574f",
        "product": {
          "name": "Central Licensing System"
        },
        "product_version": "5.1 <5*"
      },
      {
        "id": "957cc324-daaa-3ae5-80c8-1cf734577def",
        "product": {
          "name": "Composer Harmony"
        },
        "product_version": "5.1"
      },
      {
        "id": "a061e2ee-60bf-3cca-afec-37cfdf38fe0a",
        "product": {
          "name": "Composer CTK"
        },
        "product_version": "6.1"
      },
      {
        "id": "a3e327e4-9964-3a1d-b52f-7a5805978228",
        "product": {
          "name": "Knowledge Manager"
        },
        "product_version": "9.1"
      },
      {
        "id": "b085b79c-3cb5-31ca-bc8c-a36f55088bca",
        "product": {
          "name": "Control Builder Safe"
        },
        "product_version": "1.0"
      },
      {
        "id": "b16d29f3-40e5-354f-957d-2d66447cfd2c",
        "product": {
          "name": "Advant OCS Control Builder A"
        },
        "product_version": "1.4"
      },
      {
        "id": "b86b5062-2a69-399a-9722-96d7fc30f6a2",
        "product": {
          "name": "Advant  OCS AC 100 OPS Server"
        },
        "product_version": "6.1"
      },
      {
        "id": "c3bd50b1-82a3-3755-8b7b-7e7a642b9543",
        "product": {
          "name": "Harmony OPC Server Standalone"
        },
        "product_version": "6.0"
      },
      {
        "id": "c6463474-6196-3681-aede-716833af44bc",
        "product": {
          "name": "ABB Ability System 800xA"
        },
        "product_version": "5.1"
      },
      {
        "id": "d4ef72c5-bf71-3e6e-819c-1c39c97f13bd",
        "product": {
          "name": "Composer Harmony"
        },
        "product_version": "6.1"
      },
      {
        "id": "ec4261d2-409e-32c2-b629-97e717f24d07",
        "product": {
          "name": "AdvaBuild"
        },
        "product_version": "3.7 SP1"
      },
      {
        "id": "efbd6f15-6670-3fe2-a4d2-cb237f10cb3a",
        "product": {
          "name": "Composer Melody "
        },
        "product_version": "5.3"
      },
      {
        "id": "f25ebb59-112d-3354-b81d-2807596a7f39",
        "product": {
          "name": "Advant  OCS AC 100 OPS Server"
        },
        "product_version": "5.1"
      },
      {
        "id": "fcae9152-68cd-3e79-a196-8c19bce8a44a",
        "product": {
          "name": "Harmony OPC Server Standalone"
        },
        "product_version": "7.0"
      }
    ]
  }
]

Source	Link
search	www.search.abb.com/library/Download.aspx
search	www.search.abb.com/library/Download.aspx
search	www.search.abb.com/library/Download.aspx
github	www.github.com/advisories/GHSA-293c-r3p4-g63r

07 Oct 2025 00:30Current

9.1High risk

Vulners AI Score9.1

CVSS 3.19.4 - 9.8

CVSS 27.5

EPSS0.00707