Details of VAR-202004-2162

ID

VAR-202004-2162

CVE

CVE-2020-8481

TITLE

plural ABB Information leakage vulnerabilities in products

Trust: 0.8

sources: JVNDB: JVNDB-2020-005100

DESCRIPTION

For ABB products ABB Ability™ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2 Symphony Plus -S+ Engineering 1.1 to 2.2, Composer Harmony 5.1, 6.0 and 6.1, Melody Composer 5.3, 6.1/6.2 and SPE for Melody 1.0SPx (Composer 6.3), Harmony OPC Server (HAOPC) Standalone 6.0, 6.1 and 7.0, ABB Ability™ System 800xA/ Advant® OCS Control Builder A 1.3 and 1.4, Advant® OCS AC100 OPC Server 5.1, 6.0 and 6.1, Composer CTK 6.1 and 6.2, AdvaBuild 3.7 SP1 and SP2, OPCServer for MOD 300 (non-800xA) 1.4, OPC Data Link 2.1 and 2.2, Knowledge Manager 8.0, 9.0 and 9.1, Manufacturing Operations Management 1812 and 1909, confidential data is written in an unprotected file. An attacker who successfully exploited this vulnerability could take full control of the computer. plural ABB The product contains a vulnerability related to information leakage.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. ABB Ability System 800xA and others are products of Swiss ABB company. ABB Ability System 800xA is a distributed control system for industrial control industry. ABB Compact HMI is a monitoring and data acquisition system. ABB Control Builder Safe is an engineering tool for configuring and downloading the AC 800M High Integrity security application. There are information disclosure vulnerabilities in many ABB products. The vulnerability stems from programs writing sensitive information to unprotected files

Trust: 2.34

sources: NVD: CVE-2020-8481 // JVNDB: JVNDB-2020-005100 // CNVD: CNVD-2020-32228 // VULHUB: VHN-186606 // VULMON: CVE-2020-8481

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-32228

AFFECTED PRODUCTS

vendor:	abb	model:	800xa system	scope:	eq	version:	5.1	Trust: 1.1
vendor:	abb	model:	system 800xa	scope:	-	version:	-	Trust: 0.8
vendor:	abb	model:	opcserver for ac800m	scope:	lte	version:	<=6.0	Trust: 0.6
vendor:	abb	model:	control builder mprofessional	scope:	lte	version:	<=6.0	Trust: 0.6
vendor:	abb	model:	mmsserver for ac800m	scope:	lte	version:	<=6.0	Trust: 0.6
vendor:	abb	model:	base software for softcontrol	scope:	lte	version:	<=6.0	Trust: 0.6
vendor:	abb	model:	ability system 800xa and related system extensions	scope:	eq	version:	5.1	Trust: 0.6
vendor:	abb	model:	ability system 800xa and related system extensions	scope:	eq	version:	6.0	Trust: 0.6
vendor:	abb	model:	ability system 800xa and related system extensions	scope:	eq	version:	6.1	Trust: 0.6
vendor:	abb	model:	compact hmi	scope:	eq	version:	5.1	Trust: 0.6
vendor:	abb	model:	compact hmi	scope:	eq	version:	6.0	Trust: 0.6
vendor:	abb	model:	control builder safe	scope:	eq	version:	1.0	Trust: 0.6
vendor:	abb	model:	control builder safe	scope:	eq	version:	1.1	Trust: 0.6
vendor:	abb	model:	control builder safe	scope:	eq	version:	2.0	Trust: 0.6
vendor:	abb	model:	ability symphony plus s+ operations	scope:	eq	version:	->=3.0,<=3.2	Trust: 0.6
vendor:	abb	model:	ability symphony plus s+ engineering	scope:	eq	version:	->=1.1,<=2.2	Trust: 0.6
vendor:	abb	model:	composer harmony	scope:	eq	version:	5.1	Trust: 0.6
vendor:	abb	model:	composer harmony	scope:	eq	version:	6.0	Trust: 0.6
vendor:	abb	model:	composer harmony	scope:	eq	version:	6.1	Trust: 0.6
vendor:	abb	model:	composer melody	scope:	eq	version:	1.05.3	Trust: 0.6
vendor:	abb	model:	composer melody	scope:	eq	version:	1.06.1	Trust: 0.6
vendor:	abb	model:	composer melody	scope:	eq	version:	1.06.2	Trust: 0.6
vendor:	abb	model:	composer melody	scope:	eq	version:	1.06.3	Trust: 0.6
vendor:	abb	model:	harmony opc server	scope:	eq	version:	6.0	Trust: 0.6
vendor:	abb	model:	harmony opc server	scope:	eq	version:	6.1	Trust: 0.6
vendor:	abb	model:	harmony opc server	scope:	eq	version:	7.0	Trust: 0.6
vendor:	abb	model:	ability system 800xa advant ocs control builder a	scope:	eq	version:	/1.3	Trust: 0.6
vendor:	abb	model:	ability system 800xa advant ocs control builder a	scope:	eq	version:	/1.4	Trust: 0.6
vendor:	abb	model:	advant ocs ac opc server	scope:	eq	version:	1005.1	Trust: 0.6
vendor:	abb	model:	advant ocs ac opc server	scope:	eq	version:	1006.0	Trust: 0.6
vendor:	abb	model:	advant ocs ac opc server	scope:	eq	version:	1006.1	Trust: 0.6
vendor:	abb	model:	composer ctk	scope:	eq	version:	6.1	Trust: 0.6
vendor:	abb	model:	composer ctk	scope:	eq	version:	6.2	Trust: 0.6
vendor:	abb	model:	advabuild sp1	scope:	eq	version:	3.7	Trust: 0.6
vendor:	abb	model:	advabuild sp2	scope:	eq	version:	3.7	Trust: 0.6
vendor:	abb	model:	opc server mod	scope:	eq	version:	3001.4	Trust: 0.6
vendor:	abb	model:	opc data link	scope:	eq	version:	2.1	Trust: 0.6
vendor:	abb	model:	opc data link	scope:	eq	version:	2.2	Trust: 0.6
vendor:	abb	model:	ability knowledge manager	scope:	eq	version:	8.0	Trust: 0.6
vendor:	abb	model:	ability knowledge manager	scope:	eq	version:	9.0	Trust: 0.6
vendor:	abb	model:	ability knowledge manager	scope:	eq	version:	9.1	Trust: 0.6
vendor:	abb	model:	ability manufacturing operations management	scope:	eq	version:	1812	Trust: 0.6
vendor:	abb	model:	ability manufacturing operations management	scope:	eq	version:	1909	Trust: 0.6

sources: CNVD: CNVD-2020-32228 // VULMON: CVE-2020-8481 // JVNDB: JVNDB-2020-005100 // NVD: CVE-2020-8481

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-8481
value:	CRITICAL
Trust: 1.0
cybersecurity@ch.abb.com:	CVE-2020-8481
value:	CRITICAL
Trust: 1.0
NVD:	JVNDB-2020-005100
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2020-32228
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202004-2370
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-186606
value:	HIGH
Trust: 0.1
VULMON:	CVE-2020-8481
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2020-8481
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
NVD:	JVNDB-2020-005100
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2020-32228
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-186606
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-8481
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 2.0
NVD:	JVNDB-2020-005100
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-32228 // VULHUB: VHN-186606 // VULMON: CVE-2020-8481 // JVNDB: JVNDB-2020-005100 // CNNVD: CNNVD-202004-2370 // NVD: CVE-2020-8481 // NVD: CVE-2020-8481

PROBLEMTYPE DATA

problemtype:	CWE-200	Trust: 1.9
problemtype:	CWE-922	Trust: 1.0

sources: VULHUB: VHN-186606 // JVNDB: JVNDB-2020-005100 // NVD: CVE-2020-8481

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202004-2370

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202004-2370

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-005100

PATCH

title:	SECURITY ABB Central Licensing System Vulnerabilities, impact on System 800xA, Compact HMI and Control Builder Safe	url:	https://search.abb.com/library/Download.aspx?DocumentID=2PAA121230&LanguageCode=en&DocumentPartId=&Action=Launch	Trust: 0.8
title:	SECURITY Multiple Vulnerabilities in ABB Central Licensing System	url:	https://search.abb.com/library/Download.aspx?DocumentID=2PAA121231&LanguageCode=en&DocumentPartId=&Action=Launch	Trust: 0.8

sources: JVNDB: JVNDB-2020-005100

EXTERNAL IDS

db:	NVD	id:	CVE-2020-8481	Trust: 3.2
db:	ICS CERT	id:	ICSA-20-154-04	Trust: 2.0
db:	JVN	id:	JVNVU94921886	Trust: 0.8
db:	JVNDB	id:	JVNDB-2020-005100	Trust: 0.8
db:	CNVD	id:	CNVD-2020-32228	Trust: 0.7
db:	CNNVD	id:	CNNVD-202004-2370	Trust: 0.7
db:	AUSCERT	id:	ESB-2020.1926	Trust: 0.6
db:	VULHUB	id:	VHN-186606	Trust: 0.1
db:	VULMON	id:	CVE-2020-8481	Trust: 0.1

sources: CNVD: CNVD-2020-32228 // VULHUB: VHN-186606 // VULMON: CVE-2020-8481 // JVNDB: JVNDB-2020-005100 // CNNVD: CNNVD-202004-2370 // NVD: CVE-2020-8481

REFERENCES

url:	https://www.us-cert.gov/ics/advisories/icsa-20-154-04	Trust: 2.0
url:	https://search.abb.com/library/download.aspx?documentid=2paa121230&languagecode=en&documentpartid=&action=launch	Trust: 1.7
url:	https://search.abb.com/library/download.aspx?documentid=2paa121231&languagecode=en&documentpartid=&action=launch	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-8481	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-8481	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu94921886/index.html	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2020.1926/	Trust: 0.6
url:	https://search.abb.com/library/download.aspx?documentid=2paa121230&languagecode=en&documentpartid=&action=launch	Trust: 0.1
url:	https://search.abb.com/library/download.aspx?documentid=2paa121231&languagecode=en&documentpartid=&action=launch	Trust: 0.1
url:	https://cwe.mitre.org/data/definitions/200.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2020-32228 // VULHUB: VHN-186606 // VULMON: CVE-2020-8481 // JVNDB: JVNDB-2020-005100 // CNNVD: CNNVD-202004-2370 // NVD: CVE-2020-8481

SOURCES

db:	CNVD	id:	CNVD-2020-32228
db:	VULHUB	id:	VHN-186606
db:	VULMON	id:	CVE-2020-8481
db:	JVNDB	id:	JVNDB-2020-005100
db:	CNNVD	id:	CNNVD-202004-2370
db:	NVD	id:	CVE-2020-8481

LAST UPDATE DATE

2024-11-23T21:35:51.739000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-32228	date:	2020-06-10T00:00:00
db:	VULHUB	id:	VHN-186606	date:	2021-09-14T00:00:00
db:	VULMON	id:	CVE-2020-8481	date:	2020-05-12T00:00:00
db:	JVNDB	id:	JVNDB-2020-005100	date:	2020-06-05T00:00:00
db:	CNNVD	id:	CNNVD-202004-2370	date:	2021-09-15T00:00:00
db:	NVD	id:	CVE-2020-8481	date:	2024-11-21T05:38:55.313

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-32228	date:	2020-06-10T00:00:00
db:	VULHUB	id:	VHN-186606	date:	2020-04-29T00:00:00
db:	VULMON	id:	CVE-2020-8481	date:	2020-04-29T00:00:00
db:	JVNDB	id:	JVNDB-2020-005100	date:	2020-06-05T00:00:00
db:	CNNVD	id:	CNNVD-202004-2370	date:	2020-04-28T00:00:00
db:	NVD	id:	CVE-2020-8481	date:	2020-04-29T02:15:11.907