Details of VAR-201901-1515

ID

VAR-201901-1515

CVE

CVE-2018-20720

TITLE

ABB Relion 630 Vulnerability related to input validation on devices

Trust: 0.8

sources: JVNDB: JVNDB-2018-014101

DESCRIPTION

ABB Relion 630 devices 1.1 before 1.1.0.C0, 1.2 before 1.2.0.B3, and 1.3 before 1.3.0.A6 allow remote attackers to cause a denial of service (reboot) via a reboot command in an SPA message. ABB Relion 630 The device contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. ABB Relion 630 is a relay device used for substation automation protection and control from ABB in Switzerland. ABB Relion 630 has security vulnerabilities in version 1.1 before 1.1.0.C0, version 1.2 before 1.2.0.B3, and version 1.3 before 1.3.0.A6. ABB Relion 630 is prone to a denial-of-service vulnerability. Successful exploits of this issue may allow an attacker to crash the affected device, denying service to legitimate users. The following versions of ABB Relion 630 series are vulnerable: ABB Relion 630 series prior to 1.1.0.C0 ABB Relion 630 series prior to 1.2.0.B3 ABB Relion 630 series prior to 1.3.0.A6

Trust: 2.43

sources: NVD: CVE-2018-20720 // JVNDB: JVNDB-2018-014101 // CNVD: CNVD-2020-43690 // BID: 106641

IOT TAXONOMY

category:

['ICS', 'Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-43690

AFFECTED PRODUCTS

vendor:	hitachienergy	model:	relion 630	scope:	gte	version:	1.1.0	Trust: 1.0
vendor:	hitachienergy	model:	relion 630	scope:	gte	version:	1.3.0	Trust: 1.0
vendor:	hitachienergy	model:	relion 630	scope:	gte	version:	1.2.0	Trust: 1.0
vendor:	hitachienergy	model:	relion 630	scope:	lt	version:	1.3.0.a6	Trust: 1.0
vendor:	hitachienergy	model:	relion 630	scope:	lt	version:	1.2.0.b3	Trust: 1.0
vendor:	hitachienergy	model:	relion 630	scope:	lt	version:	1.1.0.c0	Trust: 1.0
vendor:	abb	model:	relion 630	scope:	lt	version:	1.1	Trust: 0.8
vendor:	abb	model:	relion 630	scope:	eq	version:	1.2.0.b3	Trust: 0.8
vendor:	abb	model:	relion 630	scope:	eq	version:	1.1.0.c0	Trust: 0.8
vendor:	abb	model:	relion 630	scope:	lt	version:	1.2	Trust: 0.8
vendor:	abb	model:	relion 630	scope:	lt	version:	1.3	Trust: 0.8
vendor:	abb	model:	relion 630	scope:	eq	version:	1.3.0.a6	Trust: 0.8
vendor:	abb	model:	relion 1.1,<1.1.0.c0	scope:	eq	version:	630	Trust: 0.6
vendor:	abb	model:	relion 1.2,<1.2.0.b3	scope:	eq	version:	630	Trust: 0.6
vendor:	abb	model:	relion 1.3,<1.3.0.a6	scope:	eq	version:	630	Trust: 0.6
vendor:	abb	model:	relion series	scope:	eq	version:	6501.3	Trust: 0.3
vendor:	abb	model:	relion series	scope:	eq	version:	6301.3	Trust: 0.3
vendor:	abb	model:	relion series	scope:	eq	version:	6301.2	Trust: 0.3
vendor:	abb	model:	relion series	scope:	eq	version:	6301.1	Trust: 0.3
vendor:	abb	model:	relion series 1.3.0.a6	scope:	ne	version:	630	Trust: 0.3
vendor:	abb	model:	relion series 1.2.0.b3	scope:	ne	version:	630	Trust: 0.3
vendor:	abb	model:	relion series 1.1.0.c0	scope:	ne	version:	630	Trust: 0.3

sources: CNVD: CNVD-2020-43690 // BID: 106641 // JVNDB: JVNDB-2018-014101 // NVD: CVE-2018-20720

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-20720
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-20720
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2020-43690
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201901-521
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2018-20720
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2020-43690
severity:	MEDIUM
baseScore:	5.4
vectorString:	AV:N/AC:H/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	4.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2018-20720
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2020-43690 // JVNDB: JVNDB-2018-014101 // CNNVD: CNNVD-201901-521 // NVD: CVE-2018-20720

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.8

sources: JVNDB: JVNDB-2018-014101 // NVD: CVE-2018-20720

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201901-521

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201901-521

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-014101

PATCH

title:	ABBVU-EPDS-DR1620	url:	http://search.abb.com/library/Download.aspx?DocumentID=1MRS758909&LanguageCode=en&DocumentPartId=&Action=Launch	Trust: 0.8
title:	Patch for ABB Relion 630 Denial of Service Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/228127	Trust: 0.6
title:	ABB Relion 630 Security vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=88659	Trust: 0.6

sources: CNVD: CNVD-2020-43690 // JVNDB: JVNDB-2018-014101 // CNNVD: CNNVD-201901-521

EXTERNAL IDS

db:	NVD	id:	CVE-2018-20720	Trust: 3.3
db:	BID	id:	106641	Trust: 1.9
db:	JVNDB	id:	JVNDB-2018-014101	Trust: 0.8
db:	CNVD	id:	CNVD-2020-43690	Trust: 0.6
db:	NSFOCUS	id:	43883	Trust: 0.6
db:	CNNVD	id:	CNNVD-201901-521	Trust: 0.6

sources: CNVD: CNVD-2020-43690 // BID: 106641 // JVNDB: JVNDB-2018-014101 // CNNVD: CNNVD-201901-521 // NVD: CVE-2018-20720

REFERENCES

url:	http://search.abb.com/library/download.aspx?documentid=1mrs758909&languagecode=en&documentpartid=&action=launch	Trust: 1.9
url:	http://www.securityfocus.com/bid/106641	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2018-20720	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-20720	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/43883	Trust: 0.6
url:	http://www.abb.com/	Trust: 0.3

sources: CNVD: CNVD-2020-43690 // BID: 106641 // JVNDB: JVNDB-2018-014101 // CNNVD: CNNVD-201901-521 // NVD: CVE-2018-20720

CREDITS

Ilya Karpov, Evgeniy Druzhinin, Damir Zainullin (Positive Technologies) and Victor Nikitin (i-Grids).

Trust: 0.3

sources: BID: 106641

SOURCES

db:	CNVD	id:	CNVD-2020-43690
db:	BID	id:	106641
db:	JVNDB	id:	JVNDB-2018-014101
db:	CNNVD	id:	CNNVD-201901-521
db:	NVD	id:	CVE-2018-20720

LAST UPDATE DATE

2024-11-23T22:41:36.979000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-43690	date:	2020-08-01T00:00:00
db:	BID	id:	106641	date:	2019-01-15T00:00:00
db:	JVNDB	id:	JVNDB-2018-014101	date:	2019-03-12T00:00:00
db:	CNNVD	id:	CNNVD-201901-521	date:	2023-05-17T00:00:00
db:	NVD	id:	CVE-2018-20720	date:	2024-11-21T04:02:01.813

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-43690	date:	2020-08-01T00:00:00
db:	BID	id:	106641	date:	2019-01-15T00:00:00
db:	JVNDB	id:	JVNDB-2018-014101	date:	2019-03-12T00:00:00
db:	CNNVD	id:	CNNVD-201901-521	date:	2019-01-16T00:00:00
db:	NVD	id:	CVE-2018-20720	date:	2019-01-16T03:29:00.237