nessus
This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
TENABLE_OT_ABB_CVE-2020-8477.NASL
History: Mar 29, 2023 - 12:00 a.m.

ABB System 800xA Information Manager Improper Neutralization of Input During Web Page Generation (CVE-2020-8477)

2023-03-29 00:00:00
www.tenable.com
improper neutralization input
xss attack
remote unauthorized access

AI Score: 8.7 High (Confidence: High)

EPSS: 0.003 Low (Percentile: 69.0%)

The installations for ABB System 800xA Information Manager versions 5.1, 6.0 to 6.0.3.2 and 6.1 wrongly contain an auxiliary component. An attacker can use this component for an XSS-like attack against an authenticated local user, which might lead to execution of arbitrary code.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(500929);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/11");

  script_cve_id("CVE-2020-8477");

  script_name(english:"ABB System 800xA Information Manager Improper Neutralization of Input During Web Page Generation (CVE-2020-8477)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"The installations for ABB System 800xA Information Manager versions
5.1, 6.0 to 6.0.3.2 and 6.1 wrongly contain an auxiliary component. An
attacker is able to use this for an XSS-like attack to an
authenticated local user, which might lead to execution of arbitrary
code.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  # https://search.abb.com/library/Download.aspx?DocumentID=2PAA121232&LanguageCode=en&DocumentPartId=&Action=Launch
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?9606af1f");
  script_set_attribute(attribute:"see_also", value:"https://www.cisa.gov/news-events/ics-advisories/icsa-20-184-02");
  script_set_attribute(attribute:"solution", value:
"The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.

ABB's recommendations:

- This vulnerability was corrected in System 800xA of the following versions: 
    - 5.1 Rev E/5.1 FP4 E TC6, ABB recommends users on the 5.1 track to install this TC, which can be obtained from
technical support upon request.
    - 6.0.3.3 RU1, ABB recommends users on the 6.0.3 LTS track to update 6.0.3.3 and install RU1 for IM.
    - 6.1 RU1, ABB recommends users on the 6.1 track to update to this version.
- The above-mentioned updates are recommended regardless of whether the previously described manual removal of the
vulnerable component has been done or not. The IM rollups for 6.0.3.3 and 6.1 can be downloaded from My ABB/My Control
System.
- Please note this vulnerability can be exploited by remote and unauthenticated users, so users are recommended to
ensure only authorized persons have access to plant assets and network and that web browsing from system nodes to
external networks is restricted, especially from an IM node.
- Check that the usage of the Access Enable key in AC 800M HI and the configured access level of SIL variables
corresponds to the risk analysis.

Successful exploitation of this vulnerability requires luring a user to a malicious website. Recommended baseline
security practices and firewall configurations can help protect a network and its attached devices from attacks that
originate from outside the network.

Recommended baseline security practices and firewall configurations can help protect a network and its attached devices
from attacks that originate from outside the network. For example, common practices are for process control systems to
be physically protected from direct access by unauthorized personnel, have no direct connections to the Internet, and
are separated from other networks by means of a firewall system that has a minimal number of ports exposed, and others
that must be evaluated case by case.

Process control and automation systems should not be used for general business functions (e.g., Internet browsing,
email, etc.) that are not critical industrial processes. Portable computers and removable storage media should be
carefully scanned for viruses before they are connected to a control system.

Recommended practices include that process control systems are physically protected, have no direct connections to the
Internet, and are separated from other networks by means of a firewall system with a minimal number of ports exposed.
For more information please refer to ABB's Cybersecurity Advisory.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-8477");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_cwe_id(79);

  script_set_attribute(attribute:"vuln_publication_date", value:"2020/04/22");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/04/22");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/03/29");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:abb:800xa_information_manager");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:abb:800xa_information_manager:5.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:abb:800xa_information_manager:6.1");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/ABB");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

get_kb_item_or_exit('Tenable.ot/ABB');

var asset = tenable_ot::assets::get(vendor:'ABB');

var vuln_cpes = {
    "cpe:/a:abb:800xa_information_manager:5.1" :
        {"versionEndIncluding" : "5.1", "versionStartIncluding" : "5.1", "family" : "Abb800xA"},
    "cpe:/a:abb:800xa_information_manager" :
        {"versionEndIncluding" : "6.0.3.2", "versionStartIncluding" : "6.0.0", "family" : "Abb800xA"},
    "cpe:/a:abb:800xa_information_manager:6.1" :
        {"versionEndIncluding" : "6.1", "versionStartIncluding" : "6.1", "family" : "Abb800xA"}
};

tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_WARNING);

| Vendor | Product | Version | CPE |
|---|---|---|---|
| abb | 800xa_information_manager | | cpe:/a:abb:800xa_information_manager |
| abb | 800xa_information_manager | 5.1 | cpe:/a:abb:800xa_information_manager:5.1 |
| abb | 800xa_information_manager | 6.1 | cpe:/a:abb:800xa_information_manager:6.1 |
