ID

VAR-202004-2170


CVE

CVE-2020-8471


TITLE

Inappropriate default permissions in multiple ABB products

Trust: 0.8

sources: JVNDB: JVNDB-2020-005093

DESCRIPTION

For the Central Licensing Server component used in ABB products ABB Ability™ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2, Symphony Plus -S+ Engineering 1.1 to 2.2, Composer Harmony 5.1, 6.0 and 6.1, Melody Composer 5.3, 6.1/6.2 and SPE for Melody 1.0SPx (Composer 6.3), Harmony OPC Server (HAOPC) Standalone 6.0, 6.1 and 7.0, ABB Ability™ System 800xA/ Advant® OCS Control Builder A 1.3 and 1.4, Advant® OCS AC100 OPC Server 5.1, 6.0 and 6.1, Composer CTK 6.1 and 6.2, AdvaBuild 3.7 SP1 and SP2, OPCServer for MOD 300 (non-800xA) 1.4, OPC Data Link 2.1 and 2.2, Knowledge Manager 8.0, 9.0 and 9.1, Manufacturing Operations Management 1812 and 1909, weak file permissions allow an authenticated attacker to block the license handling, escalate his/her privileges and execute arbitrary code. Multiple ABB products contain a vulnerability related to improper default permissions. Information may be obtained or tampered with, and service operation may be interrupted (DoS). ABB Ability System 800xA and the other listed products are made by the Swiss company ABB. ABB Ability System 800xA is a distributed control system for the industrial control industry. ABB Compact HMI is a monitoring and data acquisition system. ABB Control Builder Safe is an engineering tool for configuring and downloading the AC 800M High Integrity safety application. Central Licensing Server is one of the license servers. An input validation error vulnerability exists in the Central Licensing Server component of several ABB products. An attacker could exploit this vulnerability to block license processing, escalate privileges, and execute arbitrary code.

Trust: 1.8

sources: NVD: CVE-2020-8471 // JVNDB: JVNDB-2020-005093 // VULHUB: VHN-186596 // VULMON: CVE-2020-8471

AFFECTED PRODUCTS

vendor: abb, model: control builder safe, scope: eq, version: 1.0

Trust: 1.0

vendor: abb, model: 800xa system, scope: eq, version: 5.1

Trust: 1.0

vendor: abb, model: control builder safe, scope: eq, version: 1.1

Trust: 1.0

vendor: abb, model: compact hmi, scope: eq, version: 5.1

Trust: 1.0

vendor: abb, model: compact hmi, scope: -, version: -

Trust: 0.8

vendor: abb, model: control builder safe, scope: -, version: -

Trust: 0.8

vendor: abb, model: system 800xa, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-005093 // NVD: CVE-2020-8471

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-8471
value: HIGH

Trust: 1.0

cybersecurity@ch.abb.com: CVE-2020-8471
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-005093
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202004-2367
value: HIGH

Trust: 0.6

VULHUB: VHN-186596
value: MEDIUM

Trust: 0.1

VULMON: CVE-2020-8471
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-8471
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-005093
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-186596
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-8471
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 2.0

NVD: JVNDB-2020-005093
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-186596 // VULMON: CVE-2020-8471 // JVNDB: JVNDB-2020-005093 // CNNVD: CNNVD-202004-2367 // NVD: CVE-2020-8471 // NVD: CVE-2020-8471

PROBLEMTYPE DATA

problemtype:CWE-276

Trust: 1.9

problemtype:CWE-275

Trust: 1.0

sources: VULHUB: VHN-186596 // JVNDB: JVNDB-2020-005093 // NVD: CVE-2020-8471

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202004-2367

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202004-2367

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-005093

PATCH

title: SECURITY ABB Central Licensing System Vulnerabilities, impact on System 800xA, Compact HMI and Control Builder Safe
url: https://search.abb.com/library/Download.aspx?DocumentID=2PAA121230&LanguageCode=en&DocumentPartId=&Action=Launch

Trust: 0.8

title: SECURITY Multiple Vulnerabilities in ABB Central Licensing System
url: https://search.abb.com/library/Download.aspx?DocumentID=2PAA121231&LanguageCode=en&DocumentPartId=&Action=Launch

Trust: 0.8

sources: JVNDB: JVNDB-2020-005093

EXTERNAL IDS

db: NVD, id: CVE-2020-8471

Trust: 2.6

db: ICS CERT, id: ICSA-20-154-04

Trust: 2.6

db: JVN, id: JVNVU94921886

Trust: 0.8

db: JVNDB, id: JVNDB-2020-005093

Trust: 0.8

db: CNNVD, id: CNNVD-202004-2367

Trust: 0.7

db: AUSCERT, id: ESB-2020.1926

Trust: 0.6

db: VULHUB, id: VHN-186596

Trust: 0.1

db: VULMON, id: CVE-2020-8471

Trust: 0.1

sources: VULHUB: VHN-186596 // VULMON: CVE-2020-8471 // JVNDB: JVNDB-2020-005093 // CNNVD: CNNVD-202004-2367 // NVD: CVE-2020-8471

REFERENCES

url:https://www.us-cert.gov/ics/advisories/icsa-20-154-04

Trust: 2.6

url:https://search.abb.com/library/download.aspx?documentid=2paa121230&languagecode=en&documentpartid=&action=launch

Trust: 1.7

url:https://search.abb.com/library/download.aspx?documentid=2paa121231&languagecode=en&documentpartid=&action=launch

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-8471

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-8471

Trust: 0.8

url:https://jvn.jp/vu/jvnvu94921886/index.html

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2020.1926/

Trust: 0.6

url:https://search.abb.com/library/download.aspx?documentid=2paa121230&languagecode=en&documentpartid=&action=launch

Trust: 0.1

url:https://search.abb.com/library/download.aspx?documentid=2paa121231&languagecode=en&documentpartid=&action=launch

Trust: 0.1

url:https://cwe.mitre.org/data/definitions/276.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-186596 // VULMON: CVE-2020-8471 // JVNDB: JVNDB-2020-005093 // CNNVD: CNNVD-202004-2367 // NVD: CVE-2020-8471

SOURCES

db: VULHUB, id: VHN-186596
db: VULMON, id: CVE-2020-8471
db: JVNDB, id: JVNDB-2020-005093
db: CNNVD, id: CNNVD-202004-2367
db: NVD, id: CVE-2020-8471

LAST UPDATE DATE

2024-11-23T21:35:52.055000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-186596, date: 2020-06-09T00:00:00
db: VULMON, id: CVE-2020-8471, date: 2020-06-09T00:00:00
db: JVNDB, id: JVNDB-2020-005093, date: 2020-06-05T00:00:00
db: CNNVD, id: CNNVD-202004-2367, date: 2020-06-04T00:00:00
db: NVD, id: CVE-2020-8471, date: 2024-11-21T05:38:54.237

SOURCES RELEASE DATE

db: VULHUB, id: VHN-186596, date: 2020-04-29T00:00:00
db: VULMON, id: CVE-2020-8471, date: 2020-04-29T00:00:00
db: JVNDB, id: JVNDB-2020-005093, date: 2020-06-05T00:00:00
db: CNNVD, id: CNNVD-202004-2367, date: 2020-04-28T00:00:00
db: NVD, id: CVE-2020-8471, date: 2020-04-29T02:15:11.530