4.6 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
6.5 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
12.7%
Successful exploitation of these vulnerabilities could allow an attacker to make the system node inaccessible or tamper with runtime data in the system.
The following products of System 800xA are affected:
The vulnerability is caused by weak access control settings for objects used to exchange information between System 800xA processes on the same machine. An attacker could exploit this vulnerability by injecting garbage data or specially crafted data. An attacker who successfully exploits this vulnerability would be able to affect the online view of runtime data shown in Control Builder.
CVE-2020-8478 has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).
The vulnerability is caused by weak access control settings for objects used to exchange information between System 800xA processes on the same machine. An attacker could exploit this vulnerability by injecting garbage data or specially crafted data. An attacker who successfully exploits this vulnerability would be able to manipulate the data to allow reads and writes to the controllers or cause the 800xA for DCI processes to crash.
CVE-2020-8484 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
The vulnerability is caused by weak access control settings for objects used to exchange information between System 800xA processes on the same machine. An attacker could exploit this vulnerability by injecting garbage data or specially crafted data. An attacker who successfully exploits this vulnerability would be able to manipulate the data to allow reads and writes to the controllers or cause the 800xA for MOD 300 processes to crash.
CVE-2020-8485 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
The vulnerability is caused by weak access control settings for objects used to exchange information between System 800xA processes on the same machine. An attacker could exploit this vulnerability by injecting garbage data or specially crafted data. An attacker who successfully exploits this vulnerability concerning 800xA RNRP would be able to affect node redundancy handling. The attacked node could perceive other nodes to be unavailable, which will disrupt the communication. When running the system in simulation mode, the simulated clock could be affected.
CVE-2020-8486 has been assigned to this vulnerability. A CVSS v3 base score of 6.6 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H).
The vulnerability is caused by weak access control settings for objects used to exchange information between System 800xA processes on the same machine. An attacker could exploit this vulnerability by injecting garbage data or specially crafted data. An attacker who successfully exploits this vulnerability concerning System 800xA Base would be able to affect node redundancy handling. The attacked node could perceive other nodes to be unavailable, which will disrupt the communication. When running the system in simulation mode, the simulated clock could be affected.
CVE-2020-8487 has been assigned to this vulnerability. A CVSS v3 base score of 6.6 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H).
The vulnerability is caused by weak access control settings for objects used to exchange information between System 800xA processes on the same machine. An attacker could exploit this vulnerability by injecting garbage data or specially crafted data. An attacker who successfully exploits this vulnerability would be able to affect how the UI is updated during batch execution. The compare and printing functionality in batch could also be affected.
CVE-2020-8488 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
The vulnerability is caused by weak access control settings for objects used to exchange information between System 800xA processes on the same machine. An attacker could exploit this vulnerability by injecting garbage data or specially crafted data. An attacker who successfully exploits this vulnerability would be able to affect the runtime values that are to be stored in the archive. Also, this can make information management history services unavailable to the clients.
CVE-2020-8489 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
William Knowles of Applied Risk reported these vulnerabilities to ABB.
ABB recommends changing any user account passwords suspected to be known by an unauthorized person. ABB recommends users disable interactive logon (both local and remote) for the service account.
Please note these vulnerabilities can only be exploited by authenticated users. ABB recommendeds users ensure only authorized persons have access to user accounts in System 800xA.
ABB plans to correct these vulnerabilities in future product versions.
For more information, please refer to ABB’s Cybersecurity Advisory.
CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
CISA also provides a section for control systems security recommended practices on the ICS webpage on us-cert.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on us-cert.gov in the Technical Information Paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.
Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8478
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8484
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8485
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8486
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8487
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8488
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8489
cwe.mitre.org/data/definitions/276.html
cwe.mitre.org/data/definitions/276.html
cwe.mitre.org/data/definitions/276.html
cwe.mitre.org/data/definitions/276.html
cwe.mitre.org/data/definitions/276.html
cwe.mitre.org/data/definitions/276.html
cwe.mitre.org/data/definitions/276.html
public.govdelivery.com/accounts/USDHSCISA/subscriber/new?topic_id=USDHSCISA_138
search.abb.com/library/Download.aspx?DocumentID=2PAA121236&LanguageCode=en&DocumentPartId=&Action=Launch
twitter.com/CISAgov
twitter.com/intent/tweet?text=ABB%20Multiple%20System%20800xA%20Products+https://www.cisa.gov/news-events/ics-advisories/icsa-20-154-03
www.dhs.gov
www.dhs.gov/foia
www.dhs.gov/performance-financial-reports
www.facebook.com/CISA
www.facebook.com/sharer/sharer.php?u=https://www.cisa.gov/news-events/ics-advisories/icsa-20-154-03&title=ABB%20Multiple%20System%20800xA%20Products
www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
www.instagram.com/cisagov
www.linkedin.com/company/cybersecurity-and-infrastructure-security-agency
www.linkedin.com/sharing/share-offsite/?url=https://www.cisa.gov/news-events/ics-advisories/icsa-20-154-03
www.oig.dhs.gov/
www.surveymonkey.com/r/CISA-cyber-survey?product=https://www.cisa.gov/news-events/ics-advisories/icsa-20-154-03
www.us-cert.gov/ics
www.us-cert.gov/ics
www.us-cert.gov/ics/recommended-practices
www.us-cert.gov/ics/tips/ICS-TIP-12-146-01B
www.us-cert.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf
www.usa.gov/
www.whitehouse.gov/
www.youtube.com/@cisagov
mailto:?subject=ABB%20Multiple%20System%20800xA%20Products&body=www.cisa.gov/news-events/ics-advisories/icsa-20-154-03
4.6 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
6.5 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
12.7%