ID

VAR-202004-2161


CVE

CVE-2020-8479


TITLE

Blind XPath Injection vulnerabilities in multiple ABB products

Trust: 0.8

sources: JVNDB: JVNDB-2020-005099

DESCRIPTION

For the Central Licensing Server component used in ABB products ABB Ability™ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2, Symphony Plus -S+ Engineering 1.1 to 2.2, Composer Harmony 5.1, 6.0 and 6.1, Melody Composer 5.3, 6.1/6.2 and SPE for Melody 1.0SPx (Composer 6.3), Harmony OPC Server (HAOPC) Standalone 6.0, 6.1 and 7.0, ABB Ability™ System 800xA/ Advant® OCS Control Builder A 1.3 and 1.4, Advant® OCS AC100 OPC Server 5.1, 6.0 and 6.1, Composer CTK 6.1 and 6.2, AdvaBuild 3.7 SP1 and SP2, OPCServer for MOD 300 (non-800xA) 1.4, OPC Data Link 2.1 and 2.2, Knowledge Manager 8.0, 9.0 and 9.1, Manufacturing Operations Management 1812 and 1909, ABB Ability™ SCADAvantage versions 5.1 to 5.6.5, an XML External Entity Injection vulnerability exists that allows an attacker to read or call arbitrary files from the license server and/or from the network and also block the license handling.

Multiple ABB products contain a blind XPath injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).

ABB Ability System 800xA and the other affected products are products of the Swiss company ABB. ABB Ability System 800xA is a distributed control system for the industrial control industry. ABB Compact HMI is a monitoring and data acquisition system. ABB Control Builder Safe is an engineering tool for configuring and downloading the AC 800M High Integrity safety application. An input validation error vulnerability exists in the Central Licensing Server component of several ABB products.

Trust: 1.8

sources: NVD: CVE-2020-8479 // JVNDB: JVNDB-2020-005099 // VULHUB: VHN-186604 // VULMON: CVE-2020-8479

AFFECTED PRODUCTS

vendor: abb, model: 800xa system, scope: eq, version: 5.1

Trust: 1.1

vendor: abb, model: 800xa system, scope: eq, version: 6.0

Trust: 1.1

vendor: abb, model: 800xa system, scope: eq, version: 6.0.1

Trust: 1.1

vendor: abb, model: 800xa system, scope: eq, version: 6.0.3

Trust: 1.1

vendor: abb, model: 800xa system, scope: eq, version: 6.1

Trust: 1.1

vendor: abb, model: compact hmi, scope: eq, version: 5.1

Trust: 1.1

vendor: abb, model: compact hmi, scope: eq, version: 6.0.1-1

Trust: 1.1

vendor: abb, model: compact hmi, scope: eq, version: 6.0.3-2

Trust: 1.1

vendor: abb, model: control builder safe, scope: eq, version: 1.0

Trust: 1.1

vendor: abb, model: control builder safe, scope: eq, version: 1.1

Trust: 1.1

vendor: abb, model: control builder safe, scope: eq, version: 2.0

Trust: 1.1

vendor: abb, model: compact hmi, scope: -, version: -

Trust: 0.8

vendor: abb, model: control builder safe, scope: -, version: -

Trust: 0.8

vendor: abb, model: system 800xa, scope: -, version: -

Trust: 0.8

sources: VULMON: CVE-2020-8479 // JVNDB: JVNDB-2020-005099 // NVD: CVE-2020-8479

CVSS

SEVERITY

nvd@nist.gov: CVE-2020-8479
value: CRITICAL

Trust: 1.0

cybersecurity@ch.abb.com: CVE-2020-8479
value: CRITICAL

Trust: 1.0

NVD: JVNDB-2020-005099
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202004-2369
value: CRITICAL

Trust: 0.6

VULHUB: VHN-186604
value: HIGH

Trust: 0.1

VULMON: CVE-2020-8479
value: HIGH

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2020-8479
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-005099
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-186604
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2020-8479
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

cybersecurity@ch.abb.com: CVE-2020-8479
baseSeverity: CRITICAL
baseScore: 9.4
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 5.5
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-005099
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-186604 // VULMON: CVE-2020-8479 // JVNDB: JVNDB-2020-005099 // CNNVD: CNNVD-202004-2369 // NVD: CVE-2020-8479 // NVD: CVE-2020-8479

PROBLEMTYPE DATA

problemtype:CWE-91

Trust: 1.9

sources: VULHUB: VHN-186604 // JVNDB: JVNDB-2020-005099 // NVD: CVE-2020-8479

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202004-2369

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202004-2369

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-005099

PATCH

title: SECURITY ABB Central Licensing System Vulnerabilities, impact on System 800xA, Compact HMI and Control Builder Safe
url: https://search.abb.com/library/Download.aspx?DocumentID=2PAA121230&LanguageCode=en&DocumentPartId=&Action=Launch

Trust: 0.8

title: SECURITY Multiple Vulnerabilities in ABB Central Licensing System
url: https://search.abb.com/library/Download.aspx?DocumentID=2PAA121231&LanguageCode=en&DocumentPartId=&Action=Launch

Trust: 0.8

sources: JVNDB: JVNDB-2020-005099

EXTERNAL IDS

db: NVD, id: CVE-2020-8479

Trust: 2.6

db: ICS CERT, id: ICSA-20-154-04

Trust: 1.4

db: JVN, id: JVNVU94921886

Trust: 0.8

db: JVNDB, id: JVNDB-2020-005099

Trust: 0.8

db: CNNVD, id: CNNVD-202004-2369

Trust: 0.7

db: AUSCERT, id: ESB-2020.1926

Trust: 0.6

db: VULHUB, id: VHN-186604

Trust: 0.1

db: VULMON, id: CVE-2020-8479

Trust: 0.1

sources: VULHUB: VHN-186604 // VULMON: CVE-2020-8479 // JVNDB: JVNDB-2020-005099 // CNNVD: CNNVD-202004-2369 // NVD: CVE-2020-8479

REFERENCES

url:https://search.abb.com/library/download.aspx?documentid=2paa121230&languagecode=en&documentpartid=&action=launch

Trust: 1.7

url:https://search.abb.com/library/download.aspx?documentid=2paa121231&languagecode=en&documentpartid=&action=launch

Trust: 1.7

url:https://search.abb.com/library/download.aspx?documentid=3cca2020-003309&languagecode=en&documentpartid=&action=launch

Trust: 1.6

url:https://www.us-cert.gov/ics/advisories/icsa-20-154-04

Trust: 1.4

url:https://nvd.nist.gov/vuln/detail/cve-2020-8479

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-8479

Trust: 0.8

url:https://jvn.jp/vu/jvnvu94921886/index.html

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2020.1926/

Trust: 0.6

url:https://search.abb.com/library/download.aspx?documentid=2paa121230&languagecode=en&documentpartid=&action=launch

Trust: 0.1

url:https://search.abb.com/library/download.aspx?documentid=2paa121231&languagecode=en&documentpartid=&action=launch

Trust: 0.1

url:https://search.abb.com/library/download.aspx?documentid=3cca2020-003309&languagecode=en&documentpartid=&action=launch

Trust: 0.1

url:https://cwe.mitre.org/data/definitions/91.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-186604 // VULMON: CVE-2020-8479 // JVNDB: JVNDB-2020-005099 // CNNVD: CNNVD-202004-2369 // NVD: CVE-2020-8479

SOURCES

db: VULHUB, id: VHN-186604
db: VULMON, id: CVE-2020-8479
db: JVNDB, id: JVNDB-2020-005099
db: CNNVD, id: CNNVD-202004-2369
db: NVD, id: CVE-2020-8479

LAST UPDATE DATE

2024-11-23T21:35:52.083000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-186604, date: 2022-10-28T00:00:00
db: VULMON, id: CVE-2020-8479, date: 2020-06-09T00:00:00
db: JVNDB, id: JVNDB-2020-005099, date: 2020-06-05T00:00:00
db: CNNVD, id: CNNVD-202004-2369, date: 2022-10-31T00:00:00
db: NVD, id: CVE-2020-8479, date: 2024-11-21T05:38:55.193

SOURCES RELEASE DATE

db: VULHUB, id: VHN-186604, date: 2020-04-29T00:00:00
db: VULMON, id: CVE-2020-8479, date: 2020-04-29T00:00:00
db: JVNDB, id: JVNDB-2020-005099, date: 2020-06-05T00:00:00
db: CNNVD, id: CNNVD-202004-2369, date: 2020-04-28T00:00:00
db: NVD, id: CVE-2020-8479, date: 2020-04-29T02:15:11.827