Sign-up

ID

VAR-202004-2157


CVE

CVE-2020-8475


TITLE

plural ABB Product input verification vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2020-005096

DESCRIPTION

For the Central Licensing Server component used in ABB products ABB Ability™ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2 Symphony Plus -S+ Engineering 1.1 to 2.2, Composer Harmony 5.1, 6.0 and 6.1, Melody Composer 5.3, 6.1/6.2 and SPE for Melody 1.0SPx (Composer 6.3), Harmony OPC Server (HAOPC) Standalone 6.0, 6.1 and 7.0, ABB Ability™ System 800xA/ Advant® OCS Control Builder A 1.3 and 1.4, Advant® OCS AC100 OPC Server 5.1, 6.0 and 6.1, Composer CTK 6.1 and 6.2, AdvaBuild 3.7 SP1 and SP2, OPCServer for MOD 300 (non-800xA) 1.4, OPC Data Link 2.1 and 2.2, Knowledge Manager 8.0, 9.0 and 9.1, Manufacturing Operations Management 1812 and 1909, ABB AbilityTM SCADAvantage versions 5.1 to 5.6.5, a weakness in validation of input exists that allows an attacker to block license handling by sending specially crafted messages to the CLS web service. plural ABB The product contains an input verification vulnerability.Service operation interruption (DoS) It may be put into a state. ABB Ability System 800xA and so on are the products of Swiss ABB Company. ABB Ability System 800xA is a distributed control system for industrial control industry. ABB Compact HMI is a monitoring and data acquisition system. ABB Control Builder Safe is an engineering tool for configuring and downloading the AC 800M High Integrity safety application. An input validation error vulnerability exists in the Central Licensing Server component of several ABB products. An attacker could exploit this vulnerability to cause a denial of service

Trust: 1.8

sources: NVD: CVE-2020-8475 // JVNDB: JVNDB-2020-005096 // VULHUB: VHN-186600 // VULMON: CVE-2020-8475

AFFECTED PRODUCTS

vendor:abbmodel:800xa systemscope:eqversion:6.0.1

Trust: 1.0

vendor:abbmodel:control builder safescope:eqversion:2.0

Trust: 1.0

vendor:abbmodel:compact hmiscope:eqversion:6.0.1-1

Trust: 1.0

vendor:abbmodel:800xa systemscope:eqversion:6.0

Trust: 1.0

vendor:abbmodel:800xa systemscope:eqversion:5.1

Trust: 1.0

vendor:abbmodel:800xa systemscope:eqversion:6.0.3

Trust: 1.0

vendor:abbmodel:compact hmiscope:eqversion:5.1

Trust: 1.0

vendor:abbmodel:800xa systemscope:eqversion:6.0.3.3

Trust: 1.0

vendor:abbmodel:800xa systemscope:eqversion:6.1

Trust: 1.0

vendor:abbmodel:control builder safescope:eqversion:1.0

Trust: 1.0

vendor:abbmodel:control builder safescope:eqversion:1.1

Trust: 1.0

vendor:abbmodel:compact hmiscope:eqversion:6.0.3-2

Trust: 1.0

vendor:abbmodel:compact hmiscope: - version: -

Trust: 0.8

vendor:abbmodel:control builder safescope: - version: -

Trust: 0.8

vendor:abbmodel:system 800xascope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-005096 // NVD: CVE-2020-8475

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-8475
value: HIGH

Trust: 1.0

cybersecurity@ch.abb.com: CVE-2020-8475
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-005096
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202004-2365
value: HIGH

Trust: 0.6

VULHUB: VHN-186600
value: LOW

Trust: 0.1

VULMON: CVE-2020-8475
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2020-8475
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-005096
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-186600
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-8475
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

cybersecurity@ch.abb.com: CVE-2020-8475
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-005096
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-186600 // VULMON: CVE-2020-8475 // JVNDB: JVNDB-2020-005096 // CNNVD: CNNVD-202004-2365 // NVD: CVE-2020-8475 // NVD: CVE-2020-8475

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-186600 // JVNDB: JVNDB-2020-005096 // NVD: CVE-2020-8475

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202004-2365

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202004-2365

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-005096

PATCH
title:SECURITY ABB Central Licensing System Vulnerabilities, impact on System 800xA, Compact HMI and Control Builder Safeurl:https://search.abb.com/library/Download.aspx?DocumentID=2PAA121230&LanguageCode=en&DocumentPartId=&Action=Launch
Trust: 0.8
title:SECURITY Multiple Vulnerabilities in ABB Central Licensing Systemurl:https://search.abb.com/library/Download.aspx?DocumentID=2PAA121231&LanguageCode=en&DocumentPartId=&Action=Launch
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2020-005096

EXTERNAL IDS
db:NVDid:CVE-2020-8475
Trust: 2.6
db:ICS CERTid:ICSA-20-154-04
Trust: 1.5
db:JVNid:JVNVU94921886
Trust: 0.8
db:JVNDBid:JVNDB-2020-005096
Trust: 0.8
db:CNNVDid:CNNVD-202004-2365
Trust: 0.7
db:AUSCERTid:ESB-2020.1926
Trust: 0.6
db:VULHUBid:VHN-186600
Trust: 0.1
db:VULMONid:CVE-2020-8475
Trust: 0.1
sources:
            
            
            VULHUB: VHN-186600 // 
            
            
            
            VULMON: CVE-2020-8475 // 
            
            
            
            JVNDB: JVNDB-2020-005096 // 
            
            
            
            CNNVD: CNNVD-202004-2365 // 
            
            
            
            NVD: CVE-2020-8475

REFERENCES
url:https://search.abb.com/library/download.aspx?documentid=2paa121230&languagecode=en&documentpartid=&action=launch
Trust: 1.7
url:https://search.abb.com/library/download.aspx?documentid=2paa121231&languagecode=en&documentpartid=&action=launch
Trust: 1.7
url:https://search.abb.com/library/download.aspx?documentid=3cca2020-003309&languagecode=en&documentpartid=&action=launch
Trust: 1.6
url:https://www.us-cert.gov/ics/advisories/icsa-20-154-04
Trust: 1.5
url:https://nvd.nist.gov/vuln/detail/cve-2020-8475
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-8475
Trust: 0.8
url:https://jvn.jp/vu/jvnvu94921886/index.html
Trust: 0.8
url:https://www.auscert.org.au/bulletins/esb-2020.1926/
Trust: 0.6
url:https://search.abb.com/library/download.aspx?documentid=2paa121230&languagecode=en&documentpartid=&action=launch
Trust: 0.1
url:https://search.abb.com/library/download.aspx?documentid=2paa121231&languagecode=en&documentpartid=&action=launch
Trust: 0.1
url:https://search.abb.com/library/download.aspx?documentid=3cca2020-003309&languagecode=en&documentpartid=&action=launch
Trust: 0.1
url:https://cwe.mitre.org/data/definitions/20.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULHUB: VHN-186600 // 
            
            
            
            VULMON: CVE-2020-8475 // 
            
            
            
            JVNDB: JVNDB-2020-005096 // 
            
            
            
            CNNVD: CNNVD-202004-2365 // 
            
            
            
            NVD: CVE-2020-8475

SOURCES
db:VULHUBid:VHN-186600
db:VULMONid:CVE-2020-8475
db:JVNDBid:JVNDB-2020-005096
db:CNNVDid:CNNVD-202004-2365
db:NVDid:CVE-2020-8475

LAST UPDATE DATE
2024-11-23T21:35:51.711000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-186600date:2022-10-28T00:00:00
db:VULMONid:CVE-2020-8475date:2020-06-09T00:00:00
db:JVNDBid:JVNDB-2020-005096date:2020-06-05T00:00:00
db:CNNVDid:CNNVD-202004-2365date:2022-10-31T00:00:00
db:NVDid:CVE-2020-8475date:2024-11-21T05:38:54.707

SOURCES RELEASE DATE
db:VULHUBid:VHN-186600date:2020-04-29T00:00:00
db:VULMONid:CVE-2020-8475date:2020-04-29T00:00:00
db:JVNDBid:JVNDB-2020-005096date:2020-06-05T00:00:00
db:CNNVDid:CNNVD-202004-2365date:2020-04-28T00:00:00
db:NVDid:CVE-2020-8475date:2020-04-29T02:15:11.623