24 matches found
EUVD-2020-3984
Malware in sbrugna...
EUVD-2020-3985
Malware in sbrugna...
CVE-2020-11640
AdvaBuild uses a command queue to launch certain operations. An attacker who gains access to the command queue can use it to launch an attack by running any executable on the AdvaBuild node. The executables that can be run are not limited to AdvaBuild specific executables. Improper Privilege...
CVE-2020-11640
AdvaBuild uses a command queue to launch certain operations. An attacker who gains access to the command queue can use it to launch an attack by running any executable on the AdvaBuild node. The executables that can be run are not limited to AdvaBuild specific executables. Improper Privilege...
CVE-2020-11639
An attacker could exploit the vulnerability by injecting garbage data or specially crafted data. Depending on the data injected each process might be affected differently. The process could crash or cause communication issues on the affected node, effectively causing a denial-of-service attack. T...
CVE-2020-11640
ABB Advant MOD 300 AdvaBuild (versions 3.0–3.7 SP2) is affected by CVE-2020-11640 due to improper privilege management in the command queue. An attacker who gains access to the command queue can trigger execution of arbitrary executables on the AdvaBuild node, not limited to AdvaBuild utilities, ...
CVE-2020-11640 Elevation of Privilege
AdvaBuild uses a command queue to launch certain operations. An attacker who gains access to the command queue can use it to launch an attack by running any executable on the AdvaBuild node. The executables that can be run are not limited to AdvaBuild specific executables. Improper Privilege...
CVE-2020-11640 Elevation of Privilege
AdvaBuild uses a command queue to launch certain operations. An attacker who gains access to the command queue can use it to launch an attack by running any executable on the AdvaBuild node. The executables that can be run are not limited to AdvaBuild specific executables. Improper Privilege...
CVE-2020-11639 Insufficient access control on Inter process communication,
An attacker could exploit the vulnerability by injecting garbage data or specially crafted data. Depending on the data injected each process might be affected differently. The process could crash or cause communication issues on the affected node, effectively causing a denial-of-service attack. T...
ABB Advant MOD 300 AdvaBuild 安全漏洞
ABB Advant MOD 300 AdvaBuild is an industrial control system from ABB Switzerland. A security vulnerability exists in ABB Advant MOD 300 AdvaBuild versions 3.0 through 3.7 SP2, which originates from an attacker who can cause a denial-of-service attack by injecting garbage data or specially crafte...
ABB Central Licensing System Improper Restriction of XML External Entity Reference (CVE-2020-8479)
For the Central Licensing Server component used in ABB products ABB Ability System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2 Symphony Plus -S+ Engineering 1.1 to...
ABB Multiple System 800xA Products Incorrect Default Permissions (CVE-2020-8485)
Insufficient protection of the inter-process communication functions in ABB System 800xA for MOD 300 all published versions enables an attacker authenticated on the local system to inject data, allowing reads and writes to the controllers or cause windows processes to crash. This plugin only work...
ABB Central Licensing System Uncontrolled Resource Consumption (CVE-2020-8475)
For the Central Licensing Server component used in ABB products ABB Ability System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2 Symphony Plus -S+ Engineering 1.1 to...
ABB Multiple System 800xA Products
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: ABB Equipment: System 800xA Vulnerabilities: Incorrect Default Permissions 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to make the system node inaccessible or tamper with...
CVE-2020-8485
Insufficient protection of the inter-process communication functions in ABB System 800xA for MOD 300 all published versions enables an attacker authenticated on the local system to inject data, allowing reads and writes to the controllers or cause windows processes to crash...
CVE-2020-8481
For ABB products ABB Ability™ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2 Symphony Plus -S+ Engineering 1.1 to 2.2, Composer Harmony 5.1, 6.0 and 6.1, Melody...
CVE-2020-8475
For the Central Licensing Server component used in ABB products ABB Ability™ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2 Symphony Plus -S+ Engineering 1.1 to...
Design/Logic Flaw
Insufficient protection of the inter-process communication functions in ABB System 800xA for MOD 300 all published versions enables an attacker authenticated on the local system to inject data, allowing reads and writes to the controllers or cause windows processes to crash...
CVE-2020-8485
CVE-2020-8485 affects ABB System 800xA MOD 300; the inter-process communication protections are insufficient, allowing a locally authenticated attacker to inject data and enable reads/writes to controllers or crash Windows processes. Affected: System 800xA MOD 300 (all published versions). Impact...
CVE-2020-8485 ABB System 800xA Inter process communication vulnerability - 800xA for Mod 300
Insufficient protection of the inter-process communication functions in ABB System 800xA for MOD 300 all published versions enables an attacker authenticated on the local system to inject data, allowing reads and writes to the controllers or cause windows processes to crash...